ACCESS_CONTROL

The ACCESS_CONTROL element specifies a list of IP allowed to access applications or services using that EXECUTION component.

By default, an application or a service is accessible by anyone.

Important: Depending on the network configuration, the monitor is not always able to get the actual client IP address. If there is a proxy server between the client and the server, for example, the client IP address seen by the GAS may be the address from the proxy server.

To restrict the access you must define a list of IPs.

Syntax

<ACCESS_CONTROL> 
[ <ALLOW_FROM> ip_address </ALLOW_FROM> [...] ]
</ACCESS_CONTROL>

where ip_address is a valid IP address. It can be a complete IP address or a network address (ending with a dot).

Child elements

Zero or more ALLOW_FROM elements.

Example

<ACCESS_CONTROL> 
  <ALLOW_FROM>127.0.0.1</ALLOW_FROM>
  <ALLOW_FROM>10.</ALLOW_FROM>
  <ALLOW_FROM>192.168.</ALLOW_FROM>
</ACCESS_CONTROL>

In this example, an application or a service is reachable from the localhost (127.0.0.1), and all IP addresses that begin with "192.168." or "10.".