1 Reply Latest reply: Feb 9, 2007 4:16 AM by 807574 RSS

iPlanet Web Server acl to deny access to class C IP addresses

807574 Newbie
Hi all,
Having no chance to modify an ACL from the iPlanet Web Server GUI (the application just makes the ACL file and nothing else...), I am trying to modify it directly to deny access to all users having an IP address starting with 172.

The ACL file created from the iPlanet GUI is the following:

version 3.0;
acl "default";
authenticate (user, group) {
prompt = "iPlanet Web Server";
};
allow (read, list, execute,info) user = "anyone";
allow (write, delete) user = "all";

acl "es-internal";
allow (read, list, execute,info) user = "anyone";
deny (write, delete) user = "anyone";


I modified it by adding the following deny:

root@webone /usr/iplanet/servers/httpacl # more generated.https-altorendimento.acl
version 3.0;
acl "default";
authenticate (user, group) {
prompt = "iPlanet Web Server";
};
allow (read, list, execute,info) user = "anyone";
allow (write, delete) user = "all";

acl "es-internal";
deny (read) ip = "172.*";
deny (write, delete) user = "anyone";


But after applying the changes, I am still (I am on a 172.*.*.* workstation) allowed to access the resource. Then I changed the deny in the following way:

root@webone /usr/iplanet/servers/httpacl # more generated.https-altorendimento.acl
version 3.0;
acl "default";
authenticate (user, group) {
prompt = "iPlanet Web Server";
};
allow (read, list, execute,info) user = "anyone";
allow (write, delete) user = "all";

acl "es-internal";
deny (read) user = "all";
deny (write, delete) user = "anyone";


Nothing happened again. Access to the resource seems unrelated to the ACL changes, although the ACLs are correctly referenced in the obj.conf file. Unfortunately, I do not have much experience with ACLs.

Is there anyone able to help me with that issue?

Thank you so much
enrico