access_restriction
Allows restricting search interface access to certain IPs/hostname suffixes.
Key: access_restriction
Type: String
Can be set in: profile.cfg, collection.cfg
Description
This option allows a search interface to be accessed only from systems with certain IP addresses or hostname suffixes. The option is a comma-separated list of suffixes or CIDR ranges.
The user’s IP address is matched against the values in the list. If the match is unsuccessful then they are denied access, or redirected to the access_alternate collection if one is defined.
Note that the user’s apparent IP may be altered by
access_restriction.prefer_x_forwarded_for
and
ui.modern.pseudonymise_client_ips
.
When restricting to a hostname suffix a reverse DNS lookup will be done on the user’s apparent IP address to find the associated hostname. The result of this reverse DNS lookup will be cached for no less than 2 minutes regardless of TTL.
The value may also be set to the following special keywords:
-
no_restriction
- Indicates no access restriction should be applied. -
no_access
- Indicates that no user should be permitted, regardless of their source IP address.