Allow/restrict IP addresses

One way to secure AD360 and its integrated components is by allowing or restricting inbound connections to specific IPs or IP ranges. This adds an extra layer of security by allowing connection from only trusted sources and blocking unwanted and malicious traffic.

The IP restriction can be applied for the entire product, specific URLs of the product, or APIs.

Controlling access to the product

  1. Navigate to Admin → Administration → Logon Settings.
  2. Click the Allow/Restrict IPs tab.
  3. Under the Actions column, click the [icon to enable IP restriction.
  4. restricted-ips

  5. In the pop-up that appears, select either Allowed IPs or Restricted IPs option.
  6. Enter the IP addresses as per your requirement.
    • Adding multiple IP ranges: Click [icon if you want to allow or restrict access to multiple IP address ranges.a
    • Allow/restrict individual IPs: Click Add Individual IPs if you want to allow or restrict access to individual IP addresses. You can add multiple individual IP addresses by separating the values using comma.
    • Refer to the Appendix for more information.

    allow-ips

  7. Finally, click Save to save the settings.
  8. If you have changed the proxy settings of AD360 or any of its integrated components for which you are enabling IP-based restriction, then:
    • Add the following line to the server.xml file (default location: <InstallationDirectory>/conf/server.xml).
    • <Valve className="org.apache.catalina.valves.RemoteIpValve"
      internalProxies="192\.168\.0\.10|192\.168\.0\.11"
      trustedProxies="172\.168\.0\.10|176\.168\.0\.11" />

      • Edit the values of internalProxies and trustedProxies as per your environment.
      • Enter IP address while specifying the values for internalProxies and trustedProxies, and use the vertical bar (|) character to enter multiple values.
    • Restart for the changes to take effect.
    • Repeat steps a and b for the integrated components as well.

Controlling access to APIs and product URLs

  1. Navigate to Admin → Administration → Logon Settings.
  2. Click the Allow/Restrict IPs tab.
  3. Under the Actions column, click the [icon to enable IP restriction.
  4. Allow/restrict IP

  5. In the pop-up that appears, check the Enable API/URL Access for Selected IPs box.
  6. Allow/restrict IP

  7. Enter the API/Product URLs in the box provided.

    Sample URL paths: /Admin.do, /Configuration.do, /Dashboard.do
    Sample API paths: /RestAPI/WC/Integration, /RestAPI/WC/LogonSettings

    Note:

    • Use * as a wildcard character to restrict access to a broader range of APIs or URLs. For example, use /RestAPI/WC/* to restrict all API calls that start with /RestAPI/WC/.
    • The API/URL path should start with /. For example, /Admin.do and /RestAPI/WC/.
    • Enter only the path of the API or URL. For example, if the entire product URL is https:testserver:8082/Admin.do, then enter only /Admin.do.
    • Only alphanumeric (A-Z,a-z, 0-9) and special characters—period (.), slash (/) and asterisk (*)—are allowed.
  8. Enter the IP addresses as per your requirement. Click [] icon if you want to allow access to multiple IP address ranges.
  9. Finally, click Save to save the settings.
  10. If you have changed the proxy settings of AD360 or any of its integrated components for which you are enabling IP-based restriction, then:

Managing IP restriction

You can also make the following changes to this setting:

Appendix