How to unprotect "/" while protecting all other resources under it

Document ID : KB000010543
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

How can we unprotect the root "/" without creating multiple rules to protect the rest of the resources?

This tip will show a protect all under root URL except root page.

Background:

A customer wants to allow access to https://www.test.com/ without requiring a login.
But anything under "/" must require login, for example https://www.test.com/abc. 

http://www.test.com/    <= to be unprotected 

http://www.test.com/abc <= to be protected
http://www.test.com/xxx <= to be protected 

Environment:
Policy server : r12.5 and above
Instructions:

1. Unprotect root resource. 
Create root realm (effective resource filter = "/" ) as unprotected so users would not be challenged. 

You can have '*' for the rule to unprotect all and have sub-realms. 

UnprotectRoot.png

2. Use Regular Expression with '.' for the rule. 

Create a rule with a regular expression to trigger only when there is a value. (expression = ".") 

Yes, a dot only. 

"." matches a single character. It does not matter what character it is, except a newline.

checkRegularEXP.png

It means "." would only match if there is a value. 

With this combination, the rule would not trigger when accessing https://www.test.com/
but it would for any request that is under it such as https://www.test.com/123.

Additional Information:

 

* Regular Expression can be tested on such website.

http://www.regextester.com/

* Ignore Unprotected Resources
The other scenario that if particular URI to be unprotected is described following document.

https://docops.ca.com/ca-single-sign-on/12-6-01/en/configuring/web-agent-configuration/performance/ignore-unprotected-resources/