The installer will then ask you to setup what paths are to be protected. The default path '/' will protect all pages in the web site. Note: These values are not physical path values. The CAS ISAPI filter will compare incoming URLs against the values in this string and enforce authentication if any part of the incoming URL matches the string value.