URL Condition

The URL condition allows you to restrict access based on the URL specified in the request. If you have users requesting a resource with a URL you don’t want them to use, you can use this condition in an Access Gateway Authorization policy to deny them access to this URL, and use the Actions section to redirect the request to the URL you want them to use.

To set up matching for this condition, specify the following details:

Comparison: Specify how the URL is compared to the data in the Value field. Select one of the following types:

  • Comparison: URL: Equals: Specifies that you want the values compared as URLs.

  • Comparison: Regular Expression: Matches: Specifies that you want the values compared as regular expressions.

Mode: Select the mode appropriate for the comparison type:

  • Comparison: URL: Equals: Specify whether case is important by selecting Case Sensitive or Case Insensitive.

  • Comparison: Regular Expression: Matches: Select one or more of the following:

    • Canonical Equivalence
    • Case Insensitive
    • Comments
    • Dot All
    • Multi-Line
    • Unicode
    • Unix Lines

    For regular expression syntax information, see the Javadoc for java.util.regex.Pattern.

    The URL query strings can also be used in comparisons. Select Regular Expression Match to implement it. For example, if you want to match against a query string parameter xyz, whose value is abc, you need to enter the following regular expression in the Data Entry field:

     ".*\?.*xyz=abc.*"

    This follows the java regular expression pattern. For more information, see The API specification for the Java 2 Platform for the Java Regular Expression syntax.

Value: To enter a static value to compare to the URL in the current request, select Data Entry Field and specify the URL. This must be the complete URL, starting with the URL scheme (http:// or https://) and including the domain name, but not the port. If the URL contains a path, you must include it. If you do not specify a scheme, HTTP is used.

If you selected Regular Expression: Matches, regular expression rules apply.

If you selected URL: Equals for your comparison type, the wildcard characters (?) or (*) can be specified as the last element of the URL path to aid in matching basic URL patterns. These wildcard characters are interpreted as follows:

  • ? matches all files at the specified directory level

  • * matches all files and directories at and beyond the specified directory level

For example, if the request URL is http://www.resourcehost.com/path/resource.gif, the following entered URLs would match the request URL:

http://www.resourcehost.com/path/resource.gif
http://www.resourcehost.com/path/?
http://www.resourcehost.com/path/*
http://www.resourcehost.com/*

If you selected URL:Equals for the comparison type, you can add multiple values:

  • Use the Edit button to access a text box where you can enter multiple values, each on a separate line. For more information, see Edit Button.

  • Use the Add button to add values one at a time.

  • Use the URL Dredge button to display a list of links to use as values. For more information about this option, see Using the URL Dredge Option.

All entered URLs are compared to the request URL until a match is found or the list is exhausted.

If you have defined an LDAP attribute for a URL, you can select these options for the value type, then select your attribute.

Result on Condition Error: Specify what the condition returns when the comparison of the two values returns an error rather than the results of the comparison. Select either False or True. If you do not want the action applied when an error occurs, select False. If you want the action applied when an error occurs, select True.