SA4500 7.0R4 (build 17289) - We have a content manager (Oracle UCM) where users can upload documents to a central location. Some of these documents are sensitive in nature and we do not want people to have access to them over the VPN. The location of the documents is not always the same place, meaning they could be in http://ucmserver/legal or http://ucmserver/HR, etc. Our developers are wanting to know if I can filter URLs that have a keyword in them such that anything with a URL containing the word 'secure' would be inaccessible over the VPN. For instance http://ucmserver/legal/secure/doc1 would not be accessible but http://ucmserver/legal/doc1 would be. Does anyone know if this is possible over the Juniper SA appliances?
You may be able to achieve this if the URLs that you want to block have a consistent format.
For example, if you know that the "secure" directory for all the departments has a URL of the format http://<ServerName>/<Dept>/secure/<SecureFiles>, you could add an ACL under Resource Policies > Web > Web ACL with the Resource set to http://<ServerName>/*/secure/* and set the action to Deny for all roles. Make sure that this is set to the top of the ACL list. This should ensure that all users from the SA are denied access to these files.
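The rule-ordering point in the answer above, as an added example that is not part of the original thread and is not Juniper's code: a first-match model of the ACL list that can be used to sanity-check which URLs the suggested resource pattern covers. It assumes `*` matches any run of characters including `/`, that the first matching rule decides, and that an allow rule for `http://ucmserver/*` sits in the same list; the rule names, the `evaluate` helper and the sample URLs are constructed for illustration.

```python
import re

def wildcard_to_regex(pattern):
    # Assumption: '*' matches any run of characters, including '/'.
    # Everything else in the resource string is matched literally.
    literal_parts = (re.escape(part) for part in pattern.split("*"))
    return re.compile(".*".join(literal_parts))

def evaluate(acl, url, default="deny"):
    """Return the action of the first rule whose resource matches the URL."""
    for resource, action in acl:
        if wildcard_to_regex(resource).fullmatch(url):
            return action
    return default  # assumption: no matching rule means no access

# Constructed rules: the deny from the answer plus a broad allow for the server.
DENY_SECURE = ("http://ucmserver/*/secure/*", "deny")
ALLOW_SERVER = ("http://ucmserver/*", "allow")

DENY_ON_TOP = [DENY_SECURE, ALLOW_SERVER]   # ordering the answer recommends
ALLOW_ON_TOP = [ALLOW_SERVER, DENY_SECURE]  # deny is shadowed, never reached

# Constructed sample URLs, including two that fall outside the assumed format.
SAMPLE_URLS = [
    "http://ucmserver/legal/secure/doc1",    # format from the question
    "http://ucmserver/legal/doc1",           # non-sensitive document
    "http://ucmserver/HR/secure/sub/doc2",   # nested below a secure directory
    "http://ucmserver/secure/doc3",          # no <Dept> level in the path
    "http://ucmserver/legal/secure",         # directory itself, no trailing '/'
]

def report(acl):
    """Map each sample URL to the action the modelled ACL list returns."""
    return {url: evaluate(acl, url) for url in SAMPLE_URLS}

if __name__ == "__main__":
    for name, acl in (("deny on top", DENY_ON_TOP), ("allow on top", ALLOW_ON_TOP)):
        print(name)
        for url, action in report(acl).items():
            print(f"  {action:5}  {url}")
```

The last two sample URLs stay reachable in this model because they do not follow the `<Dept>/secure/<SecureFiles>` format the deny rule depends on, so those paths are worth testing on the appliance itself.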