How to do OR of two whitelists together?

rgiaimo
Participant I

We have two whitelists which are set to (default(DENY), IPrange(ALLOW))

We'd like to put both whitelists into the same proxy.

If we chain them together, then nothing will be allowed through because the list will be Intersected.

We'd like a Union function on IP Whitelists.

How can we accomplish this without having to make another whitelist which has both lists in it?


Hmm, I think you are asking about the AccessControl policy.

If I understand the problem, then I think you cannot do it with one single AccessControl policy. It is not possible to "OR" things together in a single policy. You *could* script this logic in JavaScript.

Another thing to try is to set continueOnError='true' in two distinct AccessControl policies, and then examine the output "acl.XXX.failed" context variables.

You would need to follow the set of AccessControl policies with a Conditional RaiseFault.

Like this:

<Flow>
  <Request>
    <Step><Name>AccessControl-1</Name></Step>
    <Step>
      <Name>AccessControl-2</Name>
      <Condition>acl.AccessControl-1.failed = true</Condition>
    </Step>
    <Step>
      <Name>RF-AccessControlFailed</Name>
      <Condition>acl.AccessControl-1.failed = true AND acl.AccessControl-2.failed = true</Condition>
    </Step>
    ...

I have never tried this but it seems like it would work.

I would suggest using JS for conditionally matching whitelisted IPs, because if you need more IPs to be whitelisted, it would be a pain to add multiple Access Control policies.
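
The JavaScript approach both replies mention, as an added example that is not code from the thread: a default-deny check that allows a client when it matches any range in either list (the union). It assumes IPv4 only, reads the address from `proxy.client.ip`, and the two lists and the `ipallow.failed` variable name are constructed for illustration.

```javascript
// Added example: OR (union) of two IPv4 allowlists with default deny.
// Both lists hold constructed documentation ranges, not real data.
var LIST_A = ['192.0.2.0/24', '198.51.100.17/32'];
var LIST_B = ['203.0.113.64/26'];

// Parse a dotted-quad IPv4 address into a number; null when malformed.
function ipv4ToInt(ip) {
  var parts = String(ip).trim().split('.');
  if (parts.length !== 4) return null;
  var n = 0;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i])) return null;
    var octet = parseInt(parts[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when ip is inside cidr ("a.b.c.d/len"); a bare address means /32.
// Any malformed input returns false, so parsing errors fail closed.
function inCidr(ip, cidr) {
  var pieces = String(cidr).split('/');
  var base = ipv4ToInt(pieces[0]);
  var addr = ipv4ToInt(ip);
  if (base === null || addr === null || pieces.length > 2) return false;
  var len = 32;
  if (pieces.length === 2) {
    if (!/^\d{1,2}$/.test(pieces[1])) return false;
    len = parseInt(pieces[1], 10);
    if (len > 32) return false;
  }
  var size = Math.pow(2, 32 - len); // number of addresses in the block
  return Math.floor(addr / size) === Math.floor(base / size);
}

// Union: allowed if ANY range in ANY list matches; otherwise denied.
function isAllowed(ip, lists) {
  for (var i = 0; i < lists.length; i++)
    for (var j = 0; j < lists[i].length; j++)
      if (inCidr(ip, lists[i][j])) return true;
  return false;
}

// `context` exists only inside an Apigee JavaScript policy.
if (typeof context !== 'undefined') {
  var clientIp = context.getVariable('proxy.client.ip');
  // Hypothetical variable name; test it in a conditional RaiseFault step.
  context.setVariable('ipallow.failed', !isAllowed(clientIp, [LIST_A, LIST_B]));
}
```

A RaiseFault step conditioned on the variable set at the end then rejects the request, in the same way as the RF-AccessControlFailed step in the flow above.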