Oracle iPlanet Web Server: Unable To Create An ACL Based On The Referer Header In An Incoming Request (Doc ID 1519693.1)

Last updated on NOVEMBER 05, 2016

Applies to:

Oracle iPlanet Web Server - Version 6.1 to 7.0 [Release 6.1 to 7.0]
Information in this document applies to any platform.

Symptoms

According to the iPlanet Web Server documentation, it is possible to create an ACL based on the 'Referer' header in the incoming request.

http://docs.oracle.com/cd/E19146-01/821-1829/abwat/index.html

You can also define your own attributes for authentication. The following example shows how you could authenticate users based on an e-mail address or on the URL that referred them to the resource:

  allow (read) referrer="*www.acme.com*"


When an ACL is configured within the Web Server to use the 'Referrer' header in the incoming request, the request fails and a 500 response it sent back to the client.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms