Gateway uses an XML configuration file to guide its actions. Among other
entries, the file specifies the group files and associated actions the filter
will take when evaluating HTTP requests. By default, the file is named
config.xml and can be found at the following location: ..\Program
Files\Citrix\Secure Mobile Gateway\config\.
The GroupRef nodes
define the logical group names - by default, the AllowGroup and the DenyGroup.
Note: The order of
the GroupRef nodes as they appear in the GroupRefList node is significant.
The id value of a
GroupRef node identifies a logical container or collection of members that are
used for matching specific user accounts or devices. The action attributes
specifies how the filter will treat a member that matches a rule in the
collection. For example, a user account or device that matches a rule in the
AllowGroup set will "pass" (be allowed to access the Exchange CAS), while a
user account or device that matches a rule in the DenyGroup set will be
"rejected" (not allowed to access the Exchange CAS).
When a particular
user account/device or combination meets rules in both groups, a precedence
convention is used to direct the request's outcome. Precedence is embodied in
the order of the GroupRef nodes in the config.xml file from top to bottom. The
GroupRef nodes are ranked in priority order. Thus, the nodes shown in the
figure above (which depicts the default order) are such that rules for a given
condition in the Allow group will always take precedence over rules for the
same condition in the Deny group.
config.xml defines Group nodes. These nodes link the logical containers
AllowGroup and DenyGroup to external XML files. Entries stored in the external
files form the basis of the filter rules.
Note: In this
release, only external XML files are supported.
installation implements two XML file in the configuration - allow.xml and