The present invention matches sets of authentication, authorization, and auditing rules to resources in an Access System based on the contents of POST data received in HTTP POST requests. The system of the present invention receives a POST request and matches a set of rules to a resource using POST data referenced by the HTTP request. In one embodiment, the matching is performed by accessing required matching data. A portion of the POST data is selected and compared with the required data. If all of the required data is matched to the POST data, then the resource is successfully matched. The present invention further authorizes a user to access resources in an Access System based on the contents of POST data. An authorization rule is retrieved and authorization is performed using the POST data. If the authorization is successful, the system grants the user access to the resource.