How can we unprotect the root "/" without creating multiple rules to protect the rest of the resources?
This tip will show a protect all under root URL except root page.
A customer wants to allow access to https://_host.example.com/ without requiring a login.
But anything under "/" must require login, for example https://_host.example.com/abc.
http://_host.example.com/ <= to be unprotected
http://_host.example.com/abc <= to be protected
http://_host.example.com/xxx <= to be protected
1. Unprotect root resource.
Create root realm (effective resource filter = "/" ) as unprotected so users would not be challenged.
You can have '*' for the rule to unprotect all and have sub-realms.
2. Use Regular Expression with '.' for the rule.
Create a rule with a regular expression to trigger only when there is a value. (expression = ".")
Yes, a dot only.
"." matches a single character. It does not matter what character it is, except a newline.
It means "." would only match if there is a value.
With this combination, the rule would not trigger when accessing https://_host.example.com/
but it would for any request that is under it such as https://_host.example.com/123.
* Regular Expression can be tested on websites found over the internet.
* Ignore Unprotected Resources
The other scenario that if particular URI to be unprotected is described following document.
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/web-agent-configuration/performance/ignore-unprotected-resources.html