Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Custom Web Applications Resource Profile (NSM Procedure)

    A custom Web application resource profile is a resource profile that controls access to a Web application, Web server, or HTML page.

    To configure a custom Web application resource profile:

    1. In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the Secure Access device for which you want to configure the Web application resource profile.
    2. Click the Configuration tab, and select Users > Resource Profiles > Web to create a custom Web resource profile.
    3. Click the New button, the New dialog box appears.
    4. Add or modify settings as specified in Table 1.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.

    Table 1: Configuring Custom Web Applications Resource Profile Details

    OptionFunctionYour Action
    Settings tab

    Name

    Specifies a unique name for the resource profile.

    Enter the name.

    Description

    Specifies a description for the resource profile.

    Enter the description.

    Type

    Specifies the type of resource profile.

    Select Custom from the Type drop–down list.

    Base URL

    Base URL

    Specifies the URL of the Web application or page for which you want to control access.

    Enter the URL using the format: [protocol://]host

    [:port][/path]

    Autopolicy: Web Access Control > Rules tab

    Name

    Specifies the name for the policy that allows or denies users access to the resource specified in the Base URL box.

    Enter the name.

    Action

    Allows or denies user access to the resource.

    Select Allow or Deny from the Action drop–down list.

    Resources

    Specifies the resource for which this policy applies.

    Enter the resource name.

    Autopolicy: Basic Authentication, NTLM or Kerberos Single Sign-On

    Resource

    Specifies the resource for which this policy applies.

    Specify the resource.

    Authentication Type

    Specifies the authentication type.

    Select the authentication type.

    Autopolicy: From POST Single Sign-On

    Resource

    Specifies the application’s sign-in page.

    Enter the path, such as: http://my.domain.com/ public/login.cgi.

    Note: Do not enter wildcard characters in this box.

    POST URL

    Specifies the absolute URL where the application posts the user’s credentials.

    Enter the URL, such as: http://yourcompany.com/login.cgi.

    Deny direct login for this resource

    Prevents users from manually entering their credentials in a sign-in page. (Users may see a sign-in page if the form POST fails.)

    Select the Deny direct login for this resource check box to enable this option.

    Allow multiple POSTs to this resource

    Allows the Secure Access device to send POST and cookie values to the resource multiple times if required. If you do not select this option, the Secure Access device does not attempt single sign-on when a user requests the same resource more than once during the same session.

    Select the Deny direct login for this resource check box to enable this option.

    POST Variables

    Label

    Specifies the label that appears on a user’s preferences page in the Secure Access device. This field is required if you either enable or require users to modify data to post to back-end applications.

    Enter the label name.

    Name

    Identifies the data in the Value box.

    Enter the name.

    Value

    Specifies a value to post to the form.

    Enter the value. You can enter static data or a system variable.

    User Modifiable?

    Allows or denies user to change the information in the Value box.

    Select any one of the following option:

    • Not Modifiable— User is not able to change the information in the Value box.
    • User Can Modify—User can specify data for a back-end application.
    • User Must Modify—User must enter additional data to access a back-end application.

    Autopolicy: Cookies and Headers Single Sign-On

    Resource

    Specifies the resources to which this policy applies to post header data to the specified URL when a user makes a request to a resource.

    Specify the resource.

    Header name

    Specifies the text for the Secure ccess device to send as header data.

    Enter the name.

    Header Value

    Specifies the value for the specified header.

    Enter the value.

    Autopolicy: Caching

    Name

    Specifies the policy name.

    Enter a name.

    Action

    Specifies the action to perform by the cache cleaner on the resource.

    Select one of the following option:

    • Smart Caching (send headers appropriate for content and browser)—Allows the Secure Access device to send a cache-control:no-store header or a cache-control:no-cache header based on the user’s Web browser and content type.
    • Don't Cache (send "Cache Control: No Store")—Delivers attachments to Internet Explorer without saving them to the disk. (The browser temporarily writes files to the disk, but immediately removes them once it has opened the file in the browser.)
    • Don't Cache (send "Pragma: No Cache")—Prevents the user’s browser from caching files to the disk.
    • Unchanged (do not add/modify caching headers)—Secure Access device forwards the origin server's caching headers as is.
    • Remove Cache-Control: No-Cache/No-Store— Removes the Cache Control:No Cache and Pragma:no-cache headers.

    Resource

    Specifies the resources to which this policy applies.

    Enter the resource name.

    Autopolicy: Java Applet Access Control

    Name

    Specifies the name of the policy.

    Enter the policy name.

    Server Resource

    Specifies the server resources to which this policy applies.

    Enter the path using the format: host:[ports].

    Action

    Allows or denies Java applets to connect to the servers

    Select one of the following options:

    • Allow Socket Access—Allows Java applets to connect to the servers (and optionally ports) in the resource list.
    • Deny Socket Access—Prevents Java applets from connecting to the servers (and optionally ports) in the resource list.

    Sign Java applets with uploaded code-signing certificate(s)

    Resigns the specified resources using the uploaded certificate.

    Select the Sign Java applets with uploaded code-signing certificate(s) check box to enable this option.

    Autopolicy: Rewriting Options > Passthrough Proxy tab

    Use virtual hostname

    Specifies the hostname alias for the application server. When the Secure Access device receives a client request for the application server hostname alias, it forwards the request to the specified application server port in the Base URL box.

    Enter the hostname.

    Use IVE port

    Specifies a unique Secure Access device port in the range 11,000-11,099.

    Enter the port in the range 11,000-11,099.

    Rewrite XML

    Allows Secure Access device to rewrite URLs contained within XML content. If this option is disabled, the Secure Access device passes the XML content “as is” to the server.

    Select the Rewrite XML tab check box to enable this option.

    Rewrite external links

    Allows Secure Access device to rewrite all the URLs presented to the proxy. If this option is disabled, the Secure Access device rewrites only those URLs where the hostname is configured as part of the passthrough proxy policy.

    Select the Rewrite external links check box to enable this option.

    Block cookies from being sent to the browser

    Allows Secure Access device to block cookies destined for the client’s browser. The Secure Access device stores the cookies locally and sends them to applications whenever they are requested.

    Select the Block cookies from being sent to the browser check box to enable this option.

    Host-Header forwarding

    Allows Secure Access device to pass the hostname as part of the host header instead of the actual host identifier.

    Select Host-Header forwarding to enable this option.

    Autopolicy: Rewriting Options > No rewriting (use JSAM) > JSAM Parameters

    Server Hostname or IP

    Specifies the DNS name of the application server or the server IP address.

    Enter the DNS name of the application server or the server IP address.

    Server Port

    Specifies the port on which the remote server listens for client connections.

    Enter the port.

    Localhost IP

    Specifies a static loopback address. If you do not provide a static IP loopback address, the Secure Access device assigns an IP loopback address dynamically.

    Enter the IP address.

    Client Port

    Specifies the port on which JSAM should listen for client application connections.

    Enter the port.

    Launch JSAM

    Automatically starts JSAM when the Secure Access device encounters the base URL.

    Select the Launch JSAM check box to enable this option.

    Autopolicy: Rewriting Options > No rewriting (use JSAM) > Allowed WSAM Servers

    Network Destination

    Specifies resources for which WSAM secures client/server traffic between the client and the Secure Access device. By default, the Secure Access device extracts the correct server from the Web access control policy. You may choose to use this server as-is, modify it, and/or add new servers to the list.

    Enter the hostname (the wild cards '*' or '?' are accepted) or an IP/netmask pair. Specify multiple ports for a host as separate entries.

    Autopolicy: Rewriting Options > No rewriting tab

    No rewriting

    Automatically creates a selective rewriting policy for the autopolicy’s URL.

    Select the No rewriting check box to enable this option.

    Autopolicy: Web Compression

    Name

    Specifies the policy name.

    Enter the policy.

    Action

    Allows the Secure Access device to compress the supported content type for the specified resource.

    Select one of the following options:

    • Compress—Secure Access device compresses the supported content types from the specified resource.
    • Do not compress—Secure Access device does not compress the supported content types from the specified resource.

    Resource

    Specifies the resources to which this policy applies.

    Enter the resource name.

    Settings tab > Type > Custom > Bookmarks > General

    Name

    Specifies the name of the bookmark.

    Enter the name.

    Description

    Describes the bookmark.

    Enter the description.

    URL

    Adds a suffix to the URL if you want to create links to subsections of the domain defined in the primary resource profile.

    Enter a suffix to the URL.

    Open New Window

    Allows the enable Secure Access device to automatically open the Web resource in a new browser window.

    Select the Open New Window check box to enable this option.

    Do Not Display Address Bar

    Removes the address bar from the browser.

    Select the Do Not Display Address Bar check box to enable this feature.

    Do Not Display Tool Bar

    Removes the menu and toolbar from the browser. This feature removes all menus, browsing buttons, and bookmarks from the browser window so that the user browses only through the Secure Access device.

    Select the Do Not Display Tool Bar check box to enable this feature.

    Applies to roles

    Specifies the roles to which you want to display the bookmark.

    Select any one of the following options:

    • All Web Profile roles— Displays the bookmark to all of the roles associated with the resource profile.
    • Subset of Web Profile roles—Displays the bookmark to a subset of the roles associated with the resource profile. Then select roles from the ALL Selected Roles list and click Add to move them to the Subset of selected roles list.
    Settings tab > Type > Custom > Bookmarks > Role Selections

    Role Selections

    Specifies the roles to which the resource profile applies.

    Select the role, and click Add.

    Published: 2013-01-03