Logo

Parametric Search Appliance

This is custom script. Do not install updates.

 

Thunderstone Search Appliance Manual

<<Previous: Authorization Target ↑Up: Search Settings Next>>: Username Fixup

Unauthorized Result Query

For all Authorization Method types of Results Authorization, it is assumed a protocol-level denial will be issued when the Parametric Search Appliance accesses URL(s) that a user does not have access too. E.g. for HTTP URLs, a 401 Unauthorized message should be issued.

However, some servers may only issue a human-readable denial message, but otherwise return an ok (e.g. HTTP 200) protocol message. For such results the Parametric Search Appliance will assume the user has access, and will erroneously return the result.

To remedy this, Unauthorized Result Query may be set to a query that will match only denied pages (e.g. "Access Denied"). The Field/Type box should be set to the query type (substring vs. REX) and field (raw HTML vs. formatted text) for the search. The Query field is set to the actual substring or REX query.

Note that this setting imposes an extra search load, as each search result must be verified with a full-page GET instead of a HEAD, as well as queried against. Thus, Unauthorized Result Query should only be set if absolutely necessary.


Copyright © Thunderstone Software     Last updated: Jul 28 2017

<<Previous: Authorization Target ↑Up: Search Settings Next>>: Username Fixup
Page generated in 0.08 seconds.
2024-11-23 18:53:49 EST