ALLOW_FROM

The ALLOW_FROM element specifies rules for access to GAS applications or services from specific hosts.

Syntax

<ALLOW_FROM>["NOBODY"|"ALL"|ip-address]</ALLOW_FROM>
  1. The ip-address is a valid IPv4 or IPv6 address. For IPv4 it can be a complete IP address or a network address (ending with a dot). Access can also either be globally denied or allowed by the following keywords:
    • NOBODY
    • ALL

Usage

The default access is set to NOBODY by the resource res.access.control. However, you can change this setting to ALL to allow access to all hosts or specify individual hosts that have access to your GAS applications or services. An example is shown using the default resource.

Example default usage

The resource is set by default as follows:
<RESOURCE Id="res.access.control" Source="INTERNAL">NOBODY</RESOURCE>

To allow all users access to your applications and services, change res.access.control from NOBODY to ALL.

Set the ALLOW_FROM to the resource as follows:
<ALLOW_FROM>$(res.access.control)</ALLOW_FROM>
The default GAS deployment for demo applications and MONITOR references this resource.
Note:

Access control rules will be ignored by the standalone dispatcher (httpdispatch).

Important:

The standalone GAS is for development only; provided to simplify your development setup and configuration. For deployment and production systems, you must include a web server.

How access control rules are applied

If more than one ALLOW_FROM element is specified, the following describes the order rules are applied:
  1. NOBODY always gets the highest priority regardless of other rules, which means that nobody gets access.
  2. ALL gets priority over specific IP addresses when the keyword NOBODY is not provided, which means that access is allowed to all.
  3. If neither the keyword NOBODY nor ALL is provided, the remaining access control rules are applied.

Parent elements

This element is a child of the following: