IBM Verify

  • 1.  POP before ACL for Maintenance Mode

    Posted Mon February 21, 2022 01:59 PM

    Hello,

    We have a reverse proxy on ISVA 10.0.2 where the user needs to log in to access a protected resource, which has a policy/POP that blocks access between 02:00 and 06:00 AM.
    The problem is that the ACL is triggered as soon as the user tries to access the resource, and the login page is presented due to the ACL. After login the POP is triggered and the user is redirected to the LRR page with ERROR_CODE=0x38cf08cc.

    Here are the POP and ACL:

    pop create pop_maintenance_mode
    pop modify pop_maintenance_mode set description "Use to set maintenance_mode on resources that requires authentication"
    pop modify pop_maintenance_mode set tod-access mon,tue,wed,thu,fri,sat,sun:0600-0200
    pop modify pop_maintenance_mode set attribute document-cache-control public
    pop modify pop_maintenance_mode set attribute document-compression yes
    acl create all_authenticated_acl
    acl modify all_authenticated_acl set description "All LoggedIn Users"
    acl modify all_authenticated_acl set user sec_master TcmdbsvaBl
    acl modify all_authenticated_acl set group ivmgrd-servers Trl
    acl modify all_authenticated_acl set group iv-admin Tcmdbvarxl
    acl modify all_authenticated_acl set any-other Tr
    pop attach /WebSEAL/proxy_id/list_account/ pop_maintenance_mode
    acl attach /WebSEAL/proxy_id/list_account/ all_authenticated_acl

    How can I make sure that the POP is triggered before the ACL and, instead of presenting the login page, the user is redirected to the maintenance mode page?



    ------------------------------
    Piyush Agrawal
    https://www.linkedin.com/in/piyush-norway/
    Gjensidige Norway
    ------------------------------


  • 2.  RE: POP before ACL for Maintenance Mode

    Posted Tue February 22, 2022 02:10 AM
    I believe ACL always applies before POP. You could try making your login page served from an LRR trigger itself and apply the POP to that URL which has an unauthenticated allowed ACL attached. I have not verified this but that is what I would try first.

    ------------------------------
    Shane Weeden
    IBM
    ------------------------------
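The following is an added illustration, not code from either poster nor from IBM: a small Python model of the two mechanisms in this thread, the `tod-access` window on the POP from the first post and the ACL-before-POP ordering Shane describes in the reply. It parses the `tod-access` value exactly as written in the POP above (`mon,...,sun:0600-0200`) and then walks an access decision in ACL-then-POP order, so you can see why an unauthenticated request at 03:00 reaches the login page first and only hits the maintenance error after authentication, and why attaching the POP to an object whose ACL permits unauthenticated access changes that. Three things are assumptions and not verified against ISVA: the `tod-access` grammar `<days>:<HHMM>-<HHMM>[:utc|local]` with `anyday`/`weekday` keywords, that a range whose end is before its start (`0600-0200`) wraps past midnight as the poster intends, and that the `0x38cf08cc` outcome corresponds to a POP time-of-day denial.

```python
"""Model of WebSEAL tod-access POP + ACL evaluation order (added example,
not ISVA code). Assumptions, unverified against the product:
  - tod-access syntax: <days>:<HHMM>-<HHMM>[:utc|local], days are
    comma-separated mon..sun or the keywords anyday / weekday
  - an end time earlier than the start time wraps past midnight
  - ACL is evaluated before POP, as the reply states
"""
from datetime import datetime

DAYS = ["mon", "tue", "wed", "thu", "fri", "sat", "sun"]  # datetime.weekday(): mon=0

# The POP value from the thread, allowing 06:00 through 02:00 the next day
THREAD_POP_SPEC = "mon,tue,wed,thu,fri,sat,sun:0600-0200"


def _hhmm_to_minutes(s):
    """'0600' -> 360; reject anything that is not a valid HHMM."""
    if len(s) != 4 or not s.isdigit():
        raise ValueError("bad time %r" % s)
    h, m = int(s[:2]), int(s[2:])
    if h > 23 or m > 59:
        raise ValueError("bad time %r" % s)
    return h * 60 + m


def parse_tod_access(spec):
    """Return (set of weekday ints, start_minute, end_minute) for a tod-access value."""
    parts = spec.split(":")
    if len(parts) not in (2, 3):
        raise ValueError("expected <days>:<HHMM>-<HHMM>[:utc|local]")
    if len(parts) == 3 and parts[2] not in ("utc", "local"):
        raise ValueError("unknown zone qualifier %r" % parts[2])
    days_part, time_part = parts[0], parts[1]
    if days_part == "anyday":
        days = set(range(7))
    elif days_part == "weekday":
        days = set(range(5))
    else:
        days = set()
        for d in days_part.split(","):
            if d not in DAYS:
                raise ValueError("unknown day %r" % d)
            days.add(DAYS.index(d))
    start_s, end_s = time_part.split("-")
    return days, _hhmm_to_minutes(start_s), _hhmm_to_minutes(end_s)


def tod_allows(spec, when):
    """True if datetime `when` falls inside the allowed window (end exclusive)."""
    days, start, end = parse_tod_access(spec)
    minutes = when.hour * 60 + when.minute
    if start <= end:
        # ordinary same-day window, e.g. weekday:0800-1700
        return when.weekday() in days and start <= minutes < end
    # wrapped window (assumption): 0600-0200 = 06:00 today until 02:00 tomorrow
    if minutes >= start:
        return when.weekday() in days
    if minutes < end:
        # the early-morning tail belongs to the previous day's window
        return (when.weekday() - 1) % 7 in days
    return False


def authorize(authenticated, when, pop_spec, acl_allows_unauthenticated=False):
    """Decide in the order the reply describes: ACL first, then POP.

    Returns 'login' when the ACL sends an unauthenticated user to the login
    page, 'maintenance' when the POP tod-access denies (the thread's
    0x38cf08cc case, assumed), or 'allow'.
    """
    if not authenticated and not acl_allows_unauthenticated:
        return "login"
    if not tod_allows(pop_spec, when):
        return "maintenance"
    return "allow"


def run_sample_scenarios():
    """Constructed requests on Monday 2022-02-21 (the thread's date)."""
    at_3am = datetime(2022, 2, 21, 3, 0)
    at_noon = datetime(2022, 2, 21, 12, 0)
    return {
        # the poster's complaint: ACL fires first, user sees the login page
        "unauth_3am": authorize(False, at_3am, THREAD_POP_SPEC),
        # ...and only after login does the POP produce the maintenance error
        "auth_3am": authorize(True, at_3am, THREAD_POP_SPEC),
        # the reply's idea: POP on a URL whose ACL allows unauthenticated
        "unauth_3am_open_acl": authorize(False, at_3am, THREAD_POP_SPEC, True),
        "auth_noon": authorize(True, at_noon, THREAD_POP_SPEC),
    }


if __name__ == "__main__":
    for name, outcome in run_sample_scenarios().items():
        print("%-22s -> %s" % (name, outcome))
```

The end of the window is treated as exclusive, so 02:00 sharp is already inside the maintenance period while 06:00 sharp is allowed; if ISVA treats the boundary differently, adjust the comparison in `tod_allows`.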