Forum Discussion
NimbostratusASM unauthenticated URLs with login enforcement
Hi, I am look for away to allow some unauthenticated access for css etc. under a path that has login enforcement enabled on it.
eg.
/site/login.aspx /site/logout.aspx /site/content/* /site/scripts/* /site/images/* /site/other_urls_I_want_to_protect_a.aspx /site/other_urls_I_want_to_protect_b.aspx /site/other_urls_I_want_to_protect_c.aspx /site/other_urls_I_want_to_protect_d.aspx /site/other_urls_I_want_to_protect_e.aspx
/site/ ( and so one )
So currently I have the login page configure as /site/login.aspx, with authenticated access required for /site/* and a logout page configured as /site/logout.aspx
But the login page need to load a lot of resource from /content/, /scripts/ and /images/.
But ASM is going its job and blocking them.
Where/how can I create a list of file/paths that are unauthenticated access too.
Lachlan
1 Reply
David_MartinThis is and old post but hope it helps other people.
To exclude the urls referred by your login page you can add them one by one to the login pages with no-authenticated type and a fake status code (asm force to write down some data).
This pages will not trigger login bypass violations and will not authenticate the user.
