Tuesday, January 26, 2010

[OAM] Duplicate Action and Custom Plug-in

In OAM, you can configure how duplicate actions are handled for an authorization rule (details can be found in the OAM documentation).

What is a duplicate action?

As mentioned in the documentation, if the action of one rule sets an HTTP header variable to a text string and the action of another rule sets the same variable to a different value, a conflict occurs when both rules return values. Setting the duplicate action helps resolve this conflict.

A more detailed example:
  • You have a first AuthZ expression, Allow Everyone, with an action that returns the value HELLOALL in HTTP_TEST.
  • You have a second AuthZ expression, Allow Admin, with an action that returns the value HELLOADMIN in HTTP_TEST.
  • You have an AuthZ rule in the policy using (Allow Everyone & Allow Admin).
  • WebGate supports only a single value in a header variable. By default, WebGate returns only the last value. However, you can set the duplicate action to "Ignore Duplicate" so that only the FIRST value is returned (of course, you can also set the duplicate action to "Override" so that only the last instance is returned. If you are using AccessGate, you can also set it to "Duplicate" to return all values).

What about HTTP headers set by a custom AuthZ plug-in?

However, please note that the duplicate action will NOT handle HTTP headers that are set by a custom AuthZ plug-in (a sample AuthZ plug-in that returns an HTTP header variable can be found in Metalink doc ID 781073.1).
