Plugin: Access restriction to search results
Purpose
Use this plugin if you need to restrict the access to your search results.
This plugin allows you to specify a HTTP header and token value that must be included with a search request for results to be returned.
This provides a token-based alternative for restricting access to search results.
When to use this plugin
When embedding the search in another system
Because this plugin controls access via a configured token that must be provided via HTTP headers each time a search request is made, this is most useful when you embed the search in another system.
In this case the other system calls the search on the user’s behalf and can add in the additional headers when the request is made.
For example, if you call the search from Squiz Matrix using a REST asset, the asset can be configured to provide the token along with every request that is made to Funnelback.
Usage
Enable the plugin
-
Select Plugins from the side navigation pane and click on the Access restriction to search results tile.
-
From the Location section, select the results page to which you would like to enable this plugin from the Select a results page select list.
The plugin will take effect as soon as you finish running through the plugin setup steps. |
Configuration settings
The configuration settings section is where you do most of the configuration for your plugin. The settings enable you to control how the plugin behaves.
The configuration key names below are only used if you are configuring this plugin manually. The configuration keys are set in the results page configuration to configure the plugin. When setting the keys manually you need to type in (or copy and paste) the key name and value. |
Header name
Configuration key |
|
Data type |
string |
Required |
This setting is required |
Specifies the HTTP header name containing the security token
Security token
Configuration key |
|
Data type |
Encrypted string |
Required |
This setting is required |
The value of the security token that must be provided as the value of the configured HTTP header when making the request.
The user will only be granted access to view the search results if the header name and token are supplied when making the query.
Examples
This example shows how to configure the plugin to restrict access to a set of search results unless you provide the following in you HTTP headers when making your search request:
HTTP header | Value |
---|---|
|
|
To achieve this, the plugin must be configured with the settings:
Plugin setting | Value |
---|---|
Header name |
|
Security token |
|
The token you enter ( profile.cfg
|