cancel
Showing results for 
Search instead for 
Did you mean: 

WSAM and Web access policies

Highlighted
Not applicable

WSAM and Web access policies

Hi. I'm testing deployment of an application using the web access control auto policy, with a number of subfolders defined as denied or allowed on the one top-level URL. It looks like the app needs WSAM to function, but when I enable WSAM, the detailed web ACL no longer functions and access to everything under the top-level URL is allowed.

Is there a way to enable WSAM whilst still having the web acl enforced on subfolders under the same top-level url (eg http://test.test.com/login allowed; http://test.test.com/secret denied)? I'd have thought not, but cannot find any Juniper docs to confirm that the WSAM ACL excludes use of the Web ACL.

1 REPLY 1
Highlighted
Respected Contributor

Re: WSAM and Web access policies

[quote]:

Is there a way to enable WSAM whilst still having the web acl enforced on subfolders under the same top-level url (eg http://test.test.com/loginallowed; http://test.test.com/secret denied)? I'd have thought not, but cannot find any Juniper docs to confirm that the WSAM ACL excludes use of the Web ACL._

[/quote]

Short answer: No

Long answer: Once you use WSAM, the web ACLs are not used. The web ACLs are for traffic through the rewriting engine only; anything outside this, e.g. traffic through WSAM, is not affected.

You are correct that WSAM enables access to all paths on the server; there is no directory/path support for WSAM or Network Connect ACLs.