Search
Clear search
Close search
Google apps
Main menu
true

Policy ACL is not applied to a document

Summary: You have created a policy ACL for a pattern, and a document matching pattern is still being returned during public search.

Cause: The GSA does not perform any security checks for URLs marked as public. Policy ACLs are not applied and the document is available for public search.

To check the security status of a document:

  1. Go to the Index > Diagnostics > Index Diagnostics page in the Admin Console.
  2. Navigate to the document in question.
  3. In the "More information about this page" section, review the "Security at Serve Time" option.

    For public documents it displays "Public".

Fix: Ensure that the document is not marked as "Public" in Index Diagnostics.

There are multiple ways of securing a document.

  1. Secure it using http-basic, NTLM, or any other authorization method supported by the GSA crawler.

    Please refer to this document for more information about possible ways of crawling secured content.

  2. Send an incremental feed with the document and use the "httpbasic" authentication method.

    It can look like this:

    <?xml version="1.0" encoding="utf-8"?>
    <!DOCTYPE gsafeed PUBLIC "-//Google//DTD GSA Feeds//EN" "">
    <gsafeed>
      <header>
        <datasource>securing_documents</datasource>
        <feedtype>incremental</feedtype>
      </header>
      <group>
        <record url="{the URL you would like to secure}" mimetype="text/plain" authmethod="httpbasic">
        <metadata>
        <meta name="ChangeSecurity" content="secured"/>
        </metadata>
    </record>
    </group>
    </gsafeed>

    Please note that documents secured in this way will be treated as pushed via content feeds, so you will have to send additional metadata-and-url feeds to get the GSA to re-crawl the document.

    After the GSA recrawls the document it will be marked as public again, and you have to resend the incremental feed to mark it secure.

  3. You can use the X-Gsa-Serve-Security HTTP header as described in this document.

Additional Information: Please see this document for further information on GSA feeds protocol

Versions affected: 7.4, 7.6 releases

Was this article helpful?
How can we improve it?