Re: Htacces and WCAG 2 from W Reagan on 2009-08-14 (w3c-wai-ig@w3.org from July to September 2009)

From: W Reagan <wreagan1@yahoo.com>
Date: Thu, 13 Aug 2009 23:05:16 -0700 (PDT)
To: w3c-wai-ig@w3.org
Message-ID: <917366.10232.qm@web111603.mail.gq1.yahoo.com>

I recently discovered the corresponding rule at WCAG 2.0; SVR2. The difference between SVR2 and what the security team has set up is to cause certain users a general failure, even if the page was AAA accessible.  Some users are getting a Forbidden error message, while others users are welcome to the site.
 
The security team implemented an IP blocking address in some parts of the U.S., all of Asia, and all of Europe. So only specific regions in the U.S., all of Asia, and all of Europe have been a security risk to our site. Therefore, we are using deny IP address, and deny by domain.
 
What can the security team do to maintain security while I mantain accessibility?

--- On Wed, 8/12/09, W Reagan <wreagan1@yahoo.com> wrote:


From: W Reagan <wreagan1@yahoo.com>
Subject: Re: Htacces and WCAG 2
To: w3c-wai-ig@w3.org
Date: Wednesday, August 12, 2009, 5:16 PM







Ben, if we denied /googlemail.com you could not see our site. This is the type of information our security team has set up. Does it conflict with any accessibility standards?
 
As I mentioned earlier, our security team keeps track of users by IP address and also check out other sites where our domain is posted, but should not be.
 
What can we do to maintain security while maintaing accessibility
 
What criteria(s) are in conflict, if any?

--- On Wed, 8/12/09, Benjamin Hawkes-Lewis <bhawkeslewis@googlemail.com> wrote:


From: Benjamin Hawkes-Lewis <bhawkeslewis@googlemail.com>
Subject: Re: Htacces and WCAG 2
To: "W Reagan" <wreagan1@yahoo.com>
Cc: w3c-wai-ig@w3.org
Date: Wednesday, August 12, 2009, 4:32 PM


On 12/08/2009 15:39, W Reagan wrote:
[snip irrelevant detail]
> We need to protect our security and maintain accessibility.

You're asking us for help. But you need to help us help you.

Please answer my simple questions:

1. "[Do you] have special reason to think that blocking by IP or referrer would reduce the accessibility of your website to people with disabilities?"

2. "Which of the success criteria listed at http://www.w3.org/TR/WCAG20/ do you think might conflict with blocking HTTP requests by IP or referrer?"

It's not obvious why you would think this, so please explain your thought process.

--
Benjamin Hawkes-Lewis

Received on Friday, 14 August 2009 06:05:58 UTC