Secure Mobile Access 12.4 Administration Guide

Example: Restricting Access to Sensitive Data

The following example demonstrates how to use an access control rule, together with a Matching URL resource and End Point Control zone, to prevent a Web-based application from displaying restricted data to untrusted devices.

Prevent a Web-based application from retrieving data using a Matching URL resource

  1. In the AMC, navigate to Security Administration > Access Control.

  2. Click the + (New) icon.

    The Add Access Rule page displays.

  3. In the Position field, type a number to specify the rule’s position in the access rule list.

  4. Use the Action buttons to specify Deny.

    This will deny users access to any resource that matches the pattern you specify in the next step.

  5. Complete the information under Basic settings:

    1. Leave User selected (so that the rule applies to users trying to access a resource).

    2. The From field specifies the users to whom the rule applies. For this example, leave the value as Any user.

    3. In the To field, click Edit to specify the target resource for this rule.

      A Resources page displays.

    4. Click the + (New) icon.

    5. Select Matching URL. The Add Resource - Matching URL page displays.

    6. Type a name for the resource. For example, Patient Records.

    7. In the URL field, type the URL address of your Web-based application. For example, www.patient-records.com.

    8. In the Path and query string matching area, select Custom from the Type of match list.

    9. Click the + (New) icon.

    10. Select Path element. Type reports.aspx. (The path is not case-sensitive.)

    11. Click OK.

    12. Click the + (New) icon.

    13. Select Query string. Type last_name=. (The query string is case-sensitive.)

    14. Click OK.

    15. Click Save.

      The Add Resource - Matching URL closes.

  6. In the End Point Control zones section, click Edit to select the zone from which you will deny access to the resource (Untrusted).

  7. When you create a rule that specifies a Matching URL resource type, the user must be allowed to use a browser as an access method. On the Advanced tab, in the Access method restrictions area, make sure that the Client software agents are either set to Any, or that Web browser is among the selected agents.

  8. Click Finish.

After you save and apply your changes, users who attempt to open the Patient Records resource (using a URL that matches http://www.patient-records.com/reports.aspx?last_name=) and who are classified into the Untrusted zone will be denied access.

  • Some Web-based applications automatically redirect users to other Web pages. Be certain to use the target URL address (the Web page to which users are redirected) when configuring the appliance to block email attachments. See Example: Working with a URL Redirect for more information.
  • You cannot configure a Matching URL resource to restrict access to sensitive data for users who connect to the appliance using OnDemand Tunnel or Connect Tunnel.
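
To plan the check you run from an Untrusted-zone device after applying the rule, the following added example (not SonicWall code) is a simplified Python model of the rule above that lists which constructed URLs it should deny. The host, path element and query string come from the procedure; the segment-wise path comparison and the substring query comparison are assumptions about how the appliance matches.

```python
from urllib.parse import urlsplit

# Values taken from the example rule on this page.
RULE = {
    "host": "www.patient-records.com",
    "path_element": "reports.aspx",  # page: path is not case-sensitive
    "query_string": "last_name=",    # page: query string is case-sensitive
}


def matches_rule(url, rule=RULE):
    """Simplified model (assumption): True if the URL would hit the Deny rule."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    # Host names are case-insensitive; urlsplit().hostname is already lowercased.
    host_ok = (parts.hostname or "") == rule["host"].lower()
    # Assumption: the path element is compared against each path segment.
    segments = [s.lower() for s in parts.path.split("/") if s]
    path_ok = rule["path_element"].lower() in segments
    # Assumption: the query pattern is a case-sensitive substring of the query.
    query_ok = rule["query_string"] in parts.query
    return host_ok and path_ok and query_ok


# Constructed test URLs for a post-change verification checklist.
CHECKLIST = [
    "http://www.patient-records.com/reports.aspx?last_name=",
    "http://www.patient-records.com/Reports.ASPX?last_name=Smith",
    "http://WWW.PATIENT-RECORDS.COM/reports.aspx?id=7&last_name=Smith",
    "http://www.patient-records.com/reports.aspx?LAST_NAME=Smith",
    "http://www.patient-records.com/reports.aspx",
    "http://www.patient-records.com/index.aspx?last_name=Smith",
]


def expected_results(urls=CHECKLIST):
    """Return (url, verdict) pairs predicted by the model for each test URL."""
    return [(u, "deny" if matches_rule(u) else "no match") for u in urls]


if __name__ == "__main__":
    for url, verdict in expected_results():
        print(f"{verdict:8}  {url}")
```

Compare each predicted verdict with what the appliance actually returns for the same URL; a difference means one of the model's assumptions does not hold for your configuration.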
