Hi,
Is it possible to block a connection from a IP address?
I have seen in axests.conf, you can allow a range of addresses, but I cannot figure out how to block just one address with this system.
Thanks a lot
Jaime
Block an IP address
Moderator: jeanmichel
-
jeanmichel
- Posts: 109
- Joined: 23 May 2014, 11:37
- Location: Sydney
Re: Block an IP address
Hi Jaime,
You are correct in the axesTs configuration file you can specify a range of IP addresses allowed but there is no functionality to block an IP address (or a range of IP addresses).
We have raised this as an enhancement.
You are correct in the axesTs configuration file you can specify a range of IP addresses allowed but there is no functionality to block an IP address (or a range of IP addresses).
We have raised this as an enhancement.
Regards,
Jean-Michel Rapin
LANSA Pty Ltd
email: JeanMichel.Rapin@lansa.com.au
Address: 122 Arthur Street, North Sydney, NSW 2060, Australia
Tel: +61 289 070 262 http://www.lansa.com | http://blog.lansa.com |
Jean-Michel Rapin
LANSA Pty Ltd
email: JeanMichel.Rapin@lansa.com.au
Address: 122 Arthur Street, North Sydney, NSW 2060, Australia
Tel: +61 289 070 262 http://www.lansa.com | http://blog.lansa.com |
-
eduardorama
- Posts: 13
- Joined: 19 Aug 2020, 11:26
Re: Block an IP address
Hi,
is there a solution to this?
Thanks,
Eduardo
is there a solution to this?
Thanks,
Eduardo
Re: Block an IP address
I think you can control this at firewall level, or even directly in the as400 using ip filtering.
https://www.mcpressonline.com/security/ ... -filtering
https://www.mcpressonline.com/security/ ... -filtering
Re: Block an IP address
I know that if you are using axes-jsm, you can allow IP Addresses using this parameter under the HttpserviceAxes section in httpd.xml
<parameter name="allow.ip.address" value="1.2.3.*"/> <-- this would allow all users in the 1.2.3 domain to execute aXes.
I have not tried it myself but there might also be a "deny.ip.address" parameter too.
Cheers
bark
<parameter name="allow.ip.address" value="1.2.3.*"/> <-- this would allow all users in the 1.2.3 domain to execute aXes.
I have not tried it myself but there might also be a "deny.ip.address" parameter too.
Cheers
bark
-
tim mcentee
- Posts: 40
- Joined: 26 Jul 2017, 13:20
Re: Block an IP address
In httpd.xml config there is a deny IPaddress setting. I haven't tried it. I imagine that it will not do what you want. It is a webserver deny/allow where if used commonly the deny is done to deny all, then you do allow to allow certain IP addresses. You might be able to configure it to work for your need.
<instance name="WebServer" active="true" root="../zzz/www/instance/htdocs" index="index.html">
<!--
INSTALL_ROOT - "" or unix "/opt" folder
INSTALL_PORT - "port"
INSTALL_LIB - "library"
-->
<errorlog enabled="true" file="../zzz/www/instance/logs/error.log"/>
<accesslog enabled="true" file="../zzz/www/instance/logs/access.log"/>
<listen port="nnnn" sslport="nnnn" interface="*ALL" backlog="256" secure="false"
store="pki/wwwssl.jks" password="password" sslprotocol="TLSV1.2"
buffersend="-1" bufferreceive="-1" nodelay="false" timeout="10"/>
<access>
<!--
Once a true condition occurs no more evaluations are done.
<deny address="*"/>
<deny address="10.2.1.45"/>
<allow address="*"/>
<allow address="10.2.1.45"/>
-->
</access>
<instance name="WebServer" active="true" root="../zzz/www/instance/htdocs" index="index.html">
<!--
INSTALL_ROOT - "" or unix "/opt" folder
INSTALL_PORT - "port"
INSTALL_LIB - "library"
-->
<errorlog enabled="true" file="../zzz/www/instance/logs/error.log"/>
<accesslog enabled="true" file="../zzz/www/instance/logs/access.log"/>
<listen port="nnnn" sslport="nnnn" interface="*ALL" backlog="256" secure="false"
store="pki/wwwssl.jks" password="password" sslprotocol="TLSV1.2"
buffersend="-1" bufferreceive="-1" nodelay="false" timeout="10"/>
<access>
<!--
Once a true condition occurs no more evaluations are done.
<deny address="*"/>
<deny address="10.2.1.45"/>
<allow address="*"/>
<allow address="10.2.1.45"/>
-->
</access>