ACCESS_CONTROL
The ACCESS_CONTROL
element specifies access from a list of IP allowed to
access applications or services.
Syntax
<ACCESS_CONTROL>
[
<ALLOW_FROM>...</ALLOW_FROM>]
[...]
</ACCESS_CONTROL>
Child elements
-
Zero or more ALLOW_FROM elements.
Usage
ALLOW_FROM
elements.<ACCESS_CONTROL>
<ALLOW_FROM>127.0.0.1</ALLOW_FROM>
<ALLOW_FROM>10.</ALLOW_FROM>
<ALLOW_FROM>192.168.</ALLOW_FROM>
<ALLOW_FROM>fdbd:2768:c176:1::323a</ALLOW_FROM>
</ACCESS_CONTROL>
Depending on the network configuration, it is not always possible to get the actual client IP address. If there is a proxy server between the client and the server, for example, the client IP address seen by the GAS may be the address from the proxy server.
Example configuring access control for demo applications
NOBODY
by
default. Access control rules will be ignored by the standalone dispatcher (httpdispatch).
To allow access from the localhost, in the GAS (default $FGLASDIR/etc/as.xcf) configuration file you need to change the application element for demo from:
<!--Sample application for GWC-->
<APPLICATION Id="demo" Parent="defaultwa">
<EXECUTION>
<ENVIRONMENT_VARIABLE Id="FGLPROFILE" Concat="APPEND">$(res.path.fgldir.demo.services)/fglprofile</ENVIRONMENT_VARIABLE>
<!--ENVIRONMENT_VARIABLE Id="FGLGWSDEBUG">3</ENVIRONMENT_VARIABLE-->
<PATH>$(res.path.fgldir.demo)</PATH>
<MODULE>demo.42m</MODULE>
<ACCESS_CONTROL>
<ALLOW_FROM>$(res.access.control)</ALLOW_FROM>
</ACCESS_CONTROL>
</EXECUTION>
</APPLICATION>
<!--Sample application for GWC-->
<APPLICATION Id="demo" Parent="defaultwa">
<EXECUTION>
<ENVIRONMENT_VARIABLE Id="FGLPROFILE" Concat="APPEND">$(res.path.fgldir.demo.services)/fglprofile</ENVIRONMENT_VARIABLE>
<!--ENVIRONMENT_VARIABLE Id="FGLGWSDEBUG">3</ENVIRONMENT_VARIABLE-->
<PATH>$(res.path.fgldir.demo)</PATH>
<MODULE>demo.42m</MODULE>
<ACCESS_CONTROL>
<ALLOW_FROM>127.0.0.1</ALLOW_FROM>
</ACCESS_CONTROL>
</EXECUTION>
</APPLICATION>
Example configuring access control for Genero Identity Provider
Access to the Genero Identity Provider (GIP) applications is specified by
the resource res.access.control. This is set with the value
NOBODY
by default.
To allow users to have access, you need to change the GAS (default $FGLASDIR/etc/as.xcf)
configuration file for res.access.control
to
ALL
:
<RESOURCE Id="res.access.control" Source="INTERNAL">ALL</RESOURCE>
Parent elements
This element is a child of one of the following elements: