ALLOW_FROM

The ALLOW_FROM element specifies rules for access to GAS applications or services from specific hosts.

Syntax

<ALLOW_FROM>["NOBODY"|"ALL"|ip-address]</ALLOW_FROM>
  1. The ip-address is a valid IPv4 or IPv6 address. For IPv4 it can be a complete IP address or a network address (ending with a dot). Access can also either be globally denied or allowed by the following keywords:
    • NOBODY
    • ALL

Usage

You use this element to specify the specific hosts who have access to your GAS applications or services. An example is shown using the default resource res.access.control. For more examples see Access Control.

Example default usage

<ALLOW_FROM>$(res.access.control)</ALLOW_FROM>
The resource res.access.control is defined with the value NOBODY by default. The default GAS deployment for demo applications and MONITOR references this resource.
Note: Access control rules will be ignored by the standalone dispatcher (httpdispatch).
Important: The standalone GAS is for development only, provided to simplify your development setup and configuration. For deployment and production systems, you must include a Web server.

How access control rules are applied

If more than one ALLOW_FROM element is specified, the following describes the order rules are applied:
  1. NOBODY always gets the highest priority regardless of other rules, which means that nobody gets access.
  2. ALL gets priority over specific IP addresses when the keyword NOBODY is not provided, which means that access is allowed to all.
  3. If neither the keyword NOBODY nor ALL is provided, the remaining access control rules are applied.

Parent elements

This element is a child of the following: