Can we regulate (block/allow) web/http access by user/group?

anon-1942 · June 22, 2023, 1:10pm

Is there a method to block/deny access to web/http (or other internet protocols) for specific users/groups?

anon-1869 · June 22, 2023, 1:29pm

Hello @Duco Bergsma

You can follow the steps given below:

1. Create a access group or multipurpose group and then add it to ACL of iwaredir.nsf and domcfg.nsf and applied noAccess in ACL of these databases.

2. Enable the Don't Allow URL Open setting in Database Properties > Basics tab.

anon-1942 · June 22, 2023, 2:07pm

1. will only block access to default webmail route; not to other dbs that might be directly referenced per url

2. will block db for legit users

anon-2324 · June 22, 2023, 1:39pm

Hello
I think it can be done in the way described in the following community response.

https://support.hcl-software.com/community?id=community_question&sys_id=14ccc5f21b1bed10534c4159cc4bcbf7&anchor=answer_44f3c3be1b936150534c4159cc4bcbcc&view_source=searchResult

set the users and/or groups at "Not Access server" of The Server document. Thanks

anon-1942 · June 22, 2023, 2:08pm

This will block NRPC server access as well

Shrikant · June 22, 2023, 3:06pm

Hello Duco,

This is an enhancement and currently you can't block internet protocols (http/pop3/imap etc) access to some specific users/group as these protocols are enabled on the server for all users. You can't restrict these services to specific users/group.

You may try the below workaround for http access.

**If you are using Traveler in your environment I hope these users/group will be restricted to access the Traveler service.

You can set the Domino directory ACL Default access to "Reader" and change these users internet password in the person document as per your requirement. You may utilize an agent to achieve it multiple person documents.

Make sure there is no security setting policy for these users which allows updating internet password when their Notes ID password is changed.

Along with this you can also set internet lockout feature so that if user has tried to access the http service with wrong password users internet access will be locked out.

Enhancement request - SPR # ELAV9K6S5P

https://domino-ideas.hcltechsw.com/ideas/DOMINO-I-892

Thank you

Regards

Shrikant J

eschwalb · June 23, 2023, 2:50pm

You can define which users or groups are allowed or denied access to Domino as described here:

Setting up Notes user, Domino server, and Internet user access to a Domino server (hcltechsw.com)

anon-2384 · June 24, 2023, 12:40pm

you can use firewall rules to block specific users or groups from accessing certain protocols.