1 Reply Latest reply: Feb 9, 2007 6:16 AM by 807574 RSS

    iPlanet Web Server acl to deny access to class C IP addresses

    807574
      Hi all,
      having not chance to modify an ACL from the iPlanet Web Server GUI (the application just make the acl file and anything else....), I am trying to modify it directly to deny access to all users having IP address starting with 172.

      The ACL file created from the iPlanet GUI is the following:

      version 3.0;
      acl "default";
      authenticate (user, group) {
      prompt = "iPlanet Web Server";
      };
      allow (read, list, execute,info) user = "anyone";
      allow (write, delete) user = "all";

      acl "es-internal";
      allow (read, list, execute,info) user = "anyone";
      deny (write, delete) user = "anyone";


      I modified it by adding the following deny:

      root@webone /usr/iplanet/servers/httpacl # more generated.https-altorendimento.acl
      version 3.0;
      acl "default";
      authenticate (user, group) {
      prompt = "iPlanet Web Server";
      };
      allow (read, list, execute,info) user = "anyone";
      allow (write, delete) user = "all";

      acl "es-internal";
      deny (read) ip = "172.*";
      deny (write, delete) user = "anyone";


      but, after applying the changes, I am still (I am on a 172.*.*.* workstation) allowed to access the resource. Then I changed the deny in the following way:

      root@webone /usr/iplanet/servers/httpacl # more generated.https-altorendimento.acl
      version 3.0;
      acl "default";
      authenticate (user, group) {
      prompt = "iPlanet Web Server";
      };
      allow (read, list, execute,info) user = "anyone";
      allow (write, delete) user = "all";

      acl "es-internal";
      deny (read) user = "all";
      deny (write, delete) user = "anyone";


      nothing happened again. The access to the resource seems not related to the acl changes, although the acl are correctly referenced into the obj.conf file. Unfortunatelly, I do not have much experience in ACL.

      Is there anyone able to help me with that issue?

      Thank you so much
      enrico