aXes User Forum

The Meeting Place for aXes users to ask questions, supply answers and provide tips and techniques about different ways to use aXes.
https://axes.lansa.com.au/

Block an IP address

https://axes.lansa.com.au/viewtopic.php?t=92

Page 1 of 1

Block an IP address

Posted: 02 Feb 2018, 22:10
by jaimosky
Hi,

Is it possible to block a connection from a IP address?
I have seen in axests.conf, you can allow a range of addresses, but I cannot figure out how to block just one address with this system.

Thanks a lot
Jaime

Re: Block an IP address

Posted: 06 Feb 2018, 14:59
by jeanmichel
Hi Jaime,

You are correct in the axesTs configuration file you can specify a range of IP addresses allowed but there is no functionality to block an IP address (or a range of IP addresses).

We have raised this as an enhancement.

Re: Block an IP address

Posted: 04 Apr 2022, 14:59
by eduardorama
Hi,
is there a solution to this?

Thanks,
Eduardo

Re: Block an IP address

Posted: 06 Apr 2022, 02:24
by Dino
I think you can control this at firewall level, or even directly in the as400 using ip filtering.
https://www.mcpressonline.com/security/ ... -filtering

Re: Block an IP address

Posted: 06 Jun 2022, 09:42
by bark
I know that if you are using axes-jsm, you can allow IP Addresses using this parameter under the HttpserviceAxes section in httpd.xml
<parameter name="allow.ip.address" value="1.2.3.*"/> <-- this would allow all users in the 1.2.3 domain to execute aXes.

I have not tried it myself but there might also be a "deny.ip.address" parameter too.

Cheers
bark

Re: Block an IP address

Posted: 08 Dec 2022, 11:30
by tim mcentee
In httpd.xml config there is a deny IPaddress setting. I haven't tried it. I imagine that it will not do what you want. It is a webserver deny/allow where if used commonly the deny is done to deny all, then you do allow to allow certain IP addresses. You might be able to configure it to work for your need.

<instance name="WebServer" active="true" root="../zzz/www/instance/htdocs" index="index.html">
<!--
INSTALL_ROOT - "" or unix "/opt" folder
INSTALL_PORT - "port"
INSTALL_LIB - "library"
-->

<errorlog enabled="true" file="../zzz/www/instance/logs/error.log"/>
<accesslog enabled="true" file="../zzz/www/instance/logs/access.log"/>

<listen port="nnnn" sslport="nnnn" interface="*ALL" backlog="256" secure="false"
store="pki/wwwssl.jks" password="password" sslprotocol="TLSV1.2"
buffersend="-1" bufferreceive="-1" nodelay="false" timeout="10"/>

<access>
<!--
Once a true condition occurs no more evaluations are done.

<deny address="*"/>
<deny address="10.2.1.45"/>

<allow address="*"/>
<allow address="10.2.1.45"/>
-->
</access>
All times are UTC+10:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited