access_restriction

Allows restricting search interface access to certain IPs/hostname suffixes.

Key: access_restriction
Type: String
Can be set in: profile.cfg, collection.cfg

Description

This option allows a search interface to be accessed only from systems with certain IP addresses or hostname suffixes. The option is a comma-separated list of suffixes or CIDR ranges.

The user’s IP address is matched against the values in the list. If the match is unsuccessful then they are denied access, or redirected to the access_alternate collection if one is defined.

Note that the user’s apparent IP may be altered by access_restriction.prefer_x_forwarded_for and ui.modern.pseudonymise_client_ips.

When restricting to a hostname suffix a reverse DNS lookup will be done on the user’s apparent IP address to find the associated hostname. The result of this reverse DNS lookup will be cached for no less than 2 minutes regardless of TTL.

The value may also be set to the following special keywords:

  • no_restriction - Indicates no access restriction should be applied.

  • no_access - Indicates that no user should be permitted, regardless of their source IP address.

Default Value

access_restriction=no_restriction

No access restriction is applied by default.

Examples

access_restriction=example.com,1.2.3.4/32,2.2.2.0/24

Allow access to the IP address 1.2.3.4, and IP address beginning within the 2.2.2.0/24 and any user who’s hostname, based on a reverse DNS lookup of their IP address, ends with example.com.

© 2015- Squiz Pty Ltd