Allow/restrict IP addresses
One way to secure AD360 is to allow or restrict access based on the IP address. You can grant access to only verified IP addresses, or block access to a specific IP address or range of IP addresses that you suspect to be malicious. IP-based access restriction can be configured not just for AD360 but also for the integrated components as well.
- Navigate to Admin → Administration → Logon Settings.
- Click the Allow/Restrict IPs tab.
- Under the Actions column, click the [
] icon to enable IP restriction.
- In the pop-up that appears, select either Allow IP Range or Restrict IP Range.
- Enter the IP address range in the two text fields provided.
- Adding multiple IP ranges: Click [
] icon if you want to allow or restrict access to multiple IP address ranges. - Allow/restrict individual IPs: Click Add Individual IPs if you want to allow or restrict access to individual IP addresses. You can add multiple individual IP addresses by separating the values using comma.
- Finally, click Save to save the settings.
-
If you have configured proxy server in your environment, then:
- Add the following line to the server.xml file (default location: <AD360_InstallationDirectory>/conf/server.xml).
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="192\.168\.0\.10|192\.168\.0\.11"
trustedProxies="172\.168\.0\.10|176\.168\.0\.11" />
Edit the values of internalProxies and trustedProxies as per your environment.
Enter IP address while specifying the values for internalProxies and trustedProxies, and use the vertical bar (|) character to enter multiple values. - Restart AD360 for the changes to take effect.
- Add the following line to the server.xml file (default location: <AD360_InstallationDirectory>/conf/server.xml).
Note:
- Use * as wildcard character: Individual IP addresses can include wildcard characters, so that all addresses within a certain class of address will be restricted. For example, denying access to address 192.168.2.* denies access to all addresses for that subnet.
- You can also enter hostname instead of IP addresses.
- You can allow or restrict only IPv4 addresses. IPv6 is not supported.
You can also make the following changes to this setting:
- Disable/enable IP-based restriction: Use the icon under the Actions column to enable or disable IP-based restriction. [
] icon means IP-based restriction is enabled for a component and [] icon means IP-based restriction is disabled. - Edit IP-based restriction settings: Click [
] icon to add, delete, or edit the IP ranges and individual IP addresses. - Summary details: Click the link under the Allow/Restrict IPs column to view the IPs that are allowed or restricted from accessing a component.