In article <4ACAF8B8.CE15.0032.0@N0_$pam.vrapc.com>, Chris wrote:
> Would this allow rule be set as rule 1, or at least above
> all rules using user/group/containers ??
>

Think of two passes:

1. Look for allow rules, calling out source=IP address or Any. Skip
   other rules. (Therefore the position of these rules compared to
   nds-source rule doesn't matter).
2. Second pass, look for nds source rules.

You get into trouble when you have something like a SurfControl deny
rule followed by an Allow Any URL. With selective authentication,
everyone ends up going to the Allow Any URL, even if you had a
deny-this-group rule above it.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to
http://www.craigjconsulting.com ***
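
The two-pass behaviour described in the reply above, as an added example that is not part of the original post and is not BorderManager code. It is a simplified model: the rule fields, the rule names, the group "students", the category "gambling", and the "no-match" result are all constructed assumptions.

```python
# Simplified model of the two-pass rule lookup described in the reply.
# All rule fields and sample rules are constructed for illustration only.
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    action: str        # "allow" or "deny"
    source_type: str   # "any", "ip" or "nds"
    source: str        # IP address or NDS group name; "" when source is Any
    url: str           # URL category, or "any"

def _url_match(rule, url_cat):
    return rule.url in ("any", url_cat)

def two_pass(rules, client_ip, group, url_cat):
    """Name of the deciding rule under the two-pass model."""
    # Pass 1: only allow rules with source = IP address or Any; skip the rest.
    for r in rules:
        if r.action != "allow" or r.source_type == "nds":
            continue
        if _url_match(r, url_cat) and (r.source_type == "any" or r.source == client_ip):
            return r.name  # decided before any NDS-source rule is consulted
    # Pass 2: NDS-source rules, top down.
    for r in rules:
        if r.source_type == "nds" and r.source == group and _url_match(r, url_cat):
            return r.name
    return "no-match"

def top_down(rules, client_ip, group, url_cat):
    """What a strict first-match, top-to-bottom reading of the list would give."""
    for r in rules:
        hit = (r.source_type == "any"
               or (r.source_type == "ip" and r.source == client_ip)
               or (r.source_type == "nds" and r.source == group))
        if hit and _url_match(r, url_cat):
            return r.name
    return "no-match"

# Constructed rule list: a group deny placed above an Allow Any URL rule.
RULES = [
    Rule("deny-students-gambling", "deny", "nds", "students", "gambling"),
    Rule("allow-any-url", "allow", "any", "", "any"),
]

if __name__ == "__main__":
    req = ("10.0.0.5", "students", "gambling")
    print("top-down reading:", top_down(RULES, *req))
    print("two-pass model  :", two_pass(RULES, *req))
```

In this model the group deny only decides the request when no IP/Any allow rule matches it, wherever that allow rule sits in the list.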