Firewall Wizards mailing list archives
RE: Auth + content filtering?
From: Diaz Perez · Juan Carlos <JuanCarlos.Diaz () atosodsorigin com>
Date: Mon, 18 Feb 2002 21:52:53 +0100
I think you should change the order of your rules this way:

Src                    Dst  Srv              Act
PrivUsers@InternalNet  Any  http             ClientAuth
MP3Users@InternalNet   Any  http             ClientAuth
Any                    Any  http->mp3filter  Reject

If this works, please let me know.

HTH :)

JUAN CARLOS DÍAZ PÉREZ
-----Original Message-----
From: Tamas FORJAN [SMTP:tamas () 2fkft com]
Sent: Sunday, February 17, 2002 23:27
To: firewall-wizards () nfr com
Subject: [fw-wiz] Auth + content filtering?

Hello,

I would like to know whether you know a way to implement HTTP file access control based on file extensions and authentication.

Basically, what I would like to do is to set up different user groups for different kinds of file access. Not everybody should be able to access MP3 files, WMA files and such. My idea is to set up groups for those people who need access to these 'privileged' file types.

What I tried already was to set up resources to filter content, along with partially automatic client auth. My rulebase looked like the following:

Src                    Dst  Srv              Act
PrivUsers@InternalNet  Any  http             ClientAuth
Any                    Any  http->mp3filter  Reject
MP3Users@InternalNet   Any  http             ClientAuth

The result of the above is that PrivUsers can properly authenticate and have access, but no users in the MP3Users group can authenticate at all. They receive 3 different authentication windows from their browser, but at the end, they receive the following error:

    Error 401
    FW-1 at wreport: Unauthorized to access the document.
    Authorization is needed for FW-1.
    The authentication required by FW-1 for tforjan is: unknown.
    Reason for failure of last attempt:

What worries me is the 'authentication required by FW-1 for tforjan is: unknown.' clause, because this user has a defined authentication scheme: FireWall-1 Password.

No matter how many rules you set up, only the first authentication rule will allow successful authentication. All the others will fail with the above message.

Do you have any idea why? Do you have any idea how to implement the desired functionality in any other way?

Environment: Nokia IP440, IPSO 3.4.2, CP NG FP1.

Thank you.

--
FORJAN Tamas
Technical Support
2F 2000 Szamitastechnikai es Szolgaltato Kft.
http://www.2f.hu/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Auth + content filtering? Tamas FORJAN (Feb 18)
- <Possible follow-ups>
- RE: Auth + content filtering? Diaz Perez · Juan Carlos (Feb 18)