What are ACLs and how do they work?

  • Type: Video
  • Date: September 2016
What are ACLs and how do they work? This is a common question and an important one to answer.

 

“What are ACLs and how do they work?” This is a common question and an important one to answer. 
 
ACL stands for Access Control List. KioWare has several ACLs and each of them play a role in managing how and what your kiosk users are allowed to access.
 
There are three ACLs in the Security tab of the KioWare configuration tool. The first is a Protocol Access List, which lets you decide which protocols KioWare will allow. When blocking is disabled, all protocols are allowed. When blocking is enabled, protocols on the list are allowed, in addition to http, https, file, res, and data. A Protocol Access List isn’t commonly needed, so it’s likely you won’t use this type of ACL at all.
 
The second ACL in the Security tab is a Browsing Access List, which lets you create a list of domains and pages that KioWare will allow users to navigate to. You will almost definitely use a Browsing Access List in your configuration of KioWare, so we’ll come back to this type of ACL in a moment.
 
Also in the Security tab, the third ACL is a Scripting Access List, which lets you create a list of domains and pages that are allowed to use various KioWare-specific functions. When KioWare executes a scripting function, the Scripting Access List tells KioWare if it should allow the function to run or block it. A Scripting Access List isn’t commonly needed unless using the KioWare JavaScript API, so it’s likely you won’t use this type of ACL at all. Refer to the KioWare for Windows User Guide for more information, a list of scripts, and to learn which Trust level is required by each function. 
 
In the Browser tab of the KioWare configuration tool, you’ll find the Popup Access List, which lets you decide how KioWare will handle tabs and/or popups while browsing. 
---
The most commonly used ACL for KioWare configuration is a Browsing Access List so we’ll go through an example of how to set one up.
 
As a reminder, a Browsing Access List specifies which domains and pages your kiosk user is allowed to navigate to. These browsing restrictions are often essential to your configuration of KioWare.
 
To start setting up your Browsing Access List, open the KioWare for Windows configuration tool and click on the Security tab. Click on the Browsing Access button. By default, all domains are allowed. 
 
Click on the New Domain button. Type in a domain without the protocol. The first one you add will likely be the domain of your Start Page URL. Most KioWare users need to create a list that allows all pages for only a few domains, and all other domains are blocked, so for this example, we’ll set All Pages on this domain to Allow. 
 
You would repeat the process of clicking on the New Domain button and entering a domain until all of the domains are listed that you want your kiosk user to have access to. 
 
If there are certain pages within a domain that you need to Allow or Block, click the Add Page button. In this example, since we are setting up domains to Allow, we would only need to add a Page that we want to block. You’ll notice that when you click Add Page, your new page icon is red, meaning it’s blocked. 
 
Make sure Everything Else is set to Blocked, meaning that in this case, all of the listed domains above are allowed, while all other domains are blocked.  
 
KioWare supports matching in two different ways: matching a name which contains some text, and matching using Regular Expressions. You’ll notice this feature beside domains and pages. If you need help with matching, please refer to the KioWare for Windows User Guide for more information. 
 
The Protocol, Browsing, Scripting, and Popup Access Control Lists are valuable tools you’ll likely need to use to get the most out of KioWare’s lockdown functionality. If you have any questions about ACLs, just contact us and we’ll be happy to help.