Block an IP address

Use this Forum to post your “How to …” questions about your use of aXes. This is not a technical support forum. Both the aXes Support Team at LANSA and other aXes customers may answer your questions. LANSA cannot guarantee the accuracy of any information posted by customers.

Moderator: jeanmichel

Post Reply
jaimosky
Posts: 40
Joined: 30 May 2017, 16:48

Block an IP address

Post by jaimosky »

Hi,

Is it possible to block a connection from a IP address?
I have seen in axests.conf, you can allow a range of addresses, but I cannot figure out how to block just one address with this system.

Thanks a lot
Jaime
User avatar
jeanmichel
Posts: 109
Joined: 23 May 2014, 11:37
Location: Sydney

Re: Block an IP address

Post by jeanmichel »

Hi Jaime,

You are correct in the axesTs configuration file you can specify a range of IP addresses allowed but there is no functionality to block an IP address (or a range of IP addresses).

We have raised this as an enhancement.
Regards,

Jean-Michel Rapin

LANSA Pty Ltd
email: JeanMichel.Rapin@lansa.com.au
Address: 122 Arthur Street, North Sydney, NSW 2060, Australia
Tel: +61 289 070 262 http://www.lansa.com | http://blog.lansa.com |
eduardorama
Posts: 13
Joined: 19 Aug 2020, 11:26

Re: Block an IP address

Post by eduardorama »

Hi,
is there a solution to this?

Thanks,
Eduardo
User avatar
Dino
Posts: 88
Joined: 19 May 2017, 08:29

Re: Block an IP address

Post by Dino »

I think you can control this at firewall level, or even directly in the as400 using ip filtering.
https://www.mcpressonline.com/security/ ... -filtering
bark
Posts: 13
Joined: 08 Sep 2017, 13:55

Re: Block an IP address

Post by bark »

I know that if you are using axes-jsm, you can allow IP Addresses using this parameter under the HttpserviceAxes section in httpd.xml
<parameter name="allow.ip.address" value="1.2.3.*"/> <-- this would allow all users in the 1.2.3 domain to execute aXes.

I have not tried it myself but there might also be a "deny.ip.address" parameter too.

Cheers
bark
tim mcentee
Posts: 40
Joined: 26 Jul 2017, 13:20

Re: Block an IP address

Post by tim mcentee »

In httpd.xml config there is a deny IPaddress setting. I haven't tried it. I imagine that it will not do what you want. It is a webserver deny/allow where if used commonly the deny is done to deny all, then you do allow to allow certain IP addresses. You might be able to configure it to work for your need.

<instance name="WebServer" active="true" root="../zzz/www/instance/htdocs" index="index.html">
<!--
INSTALL_ROOT - "" or unix "/opt" folder
INSTALL_PORT - "port"
INSTALL_LIB - "library"
-->

<errorlog enabled="true" file="../zzz/www/instance/logs/error.log"/>
<accesslog enabled="true" file="../zzz/www/instance/logs/access.log"/>

<listen port="nnnn" sslport="nnnn" interface="*ALL" backlog="256" secure="false"
store="pki/wwwssl.jks" password="password" sslprotocol="TLSV1.2"
buffersend="-1" bufferreceive="-1" nodelay="false" timeout="10"/>

<access>
<!--
Once a true condition occurs no more evaluations are done.

<deny address="*"/>
<deny address="10.2.1.45"/>

<allow address="*"/>
<allow address="10.2.1.45"/>
-->
</access>
Post Reply