Help > Websites > Security > IP Restrictions
Perceptive Enterprise SearchLocal Administration ConsoleOther Products

IP Restrictions

To restrict access to specific computers or networks, use the Web Site's IP Restrictions. The default IP Restriction is to allow requests from anyone, allowing unrestricted access.

To allow access only to specific people or groups, click "Add IP Security Rule". Create a new entry for each group of IP address or domains, for which you wish to allow access. You may need to remove the "*" rule to disable the all access.

To deny access to specified groups, click "Add IP Security Rule". Create a new entry for each group of IP addresses or domains, for which you wish to deny access. You can identify groups of sites by specifying subnets (partial IP addresses), or host names. For example, allowing access to "192.1." allows access to the entire "192.1" subnet, including 192.1.1.15, 192.1.51.12, and any other IP address prefixed by "192.1.". You can combine Allow and Deny restrictions for further control. For example, you can allow access to any machine in the "192.1." subnet, except "192.1.2.3".

Note: If you specify a subnet rather than a complete IP address, the subnet address must have a trailing period (full stop, dot) e.g. "204.121." not "204.121"

When a user accesses the website, Perceptive Enterprise Search scans the list of permission rules checking if the given requesting IP address is permitted. Perceptive Enterprise Search scans from top to bottom looking for a match for the IP address, the match may be either a direct match on the IP address, or a pattern match. The first match is used to either allow or deny access to the user. If no matches are found for the user, they are granted access.

The order of the restrictions is very important. For example, if the very first rule is Deny all users, followed by Allow administrators group, no one will have access to the website because everyone would match the first rule. To achieve the desired outcome in this scenario, it is imperative that the deny is the last rule in the list.

In the sample shown above, only uses from 127.0.0.1, 10.0.0.0 through to 10.0.0.255 except for 10.0.0.180 will gain access to the website.

 

© 2016 Lexmark. All rights reserved. | Terms of Use | Contact