Access Control Management

SOAP/AM Server Management > The SOAP/AM Server Control Panel >

Access Control Management

 Previous pageReturn to chapter overviewNext page

Access to SOAP/AM Server can be controlled by allowing or preventing access to server resources based on the client's IP address. Access control can be configured in one of two ways.

 

Allow all with exceptions

 

By selecting Allow access from all computers you are allowing access from all computers and can optionally deny access to specific computers or groups of computers specified in the exception list.

 

Deny all with exceptions

 

By selecting Deny access from all computers you are denying access from all computers except those listed in the exception list. When configuring this option you must specify at least one address in the exception list and you cannot deny access from the computer you are currently using.

 

Specifying Exceptions

 

The exception list is supplied as a comma separated list of IP address/subnet mask pairs in the following format:

 

<IP Address> [ / <subnet mask> ]

 

The subnet mask field is optional and if omitted, is assumed to be 255.255.255.255.

 

When a connection is made to the server, the client's IP address is compared to each entry in the exception list. The client IP address is logically ANDed with the subnet mask and compared to the associated IP address. If the IP addresses match then the server determines if this address is allowed or denied. If the address is denied the server returns an HTTP 403 error to the client.

 

Examples

 

Only allow access from the client with IP address 192.168.168.70

Select: Deny access from all computers

Exception list: 192.168.168.70

 

Only allow access from hosts in the network 192.168.168

Select: Deny access from all computers

Exception list: 192.168.168.0/255.255.255.0

 

Only allow access from host 192.168.0.22 and all hosts in network 192.168.168

Select: Deny access from all computers

Exception list 192.168.0.22, 192.168.168.0/255.255.255.0

 

Allow access to all computers except those in networks 192.168.168 and 192.169

Select: Allow access to all computers

Exception list: 192.168.168.0/255.255.255.0, 192.169.0.0/255.255.0.0

 

Note

 

It is possible to configure Access Control in a way that will prevent all access to the server. For example, if you configure the server to deny access to all computers except those in a specific address group and subsequently change your network addressing scheme, you may not be able to access the server. If this should occur you can use the -disableaccesscontrol command line option to temporarily disable the Access Control feature while you update the configuration. Refer to Starting the SOAP/AM Server for more information.