Deny Inbound Connections from Specified Hosts (Allow All Others)
The following procedure describes how to change the global IP access setting to Allow by Default and specify some hosts to deny.
With this setting in effect, the server allows most hosts and denies some.
To deny inbound requests from specified hosts
1. Open the Integration Server Administrator if it is not already open.
2. Go to Server > Ports.
3. Click Change Global IP Access Restrictions.
4. Click Change IP Access Mode to Allow by Default.
The server changes the access mode and displays a page from which you can add hosts to the Deny List.
5. Click Add Hosts to Deny List.
6. Specify the host names (e.g., workstation5.webmethods.com) or IP addresses (e.g. 132.906.19.22 or 2001:db8:85a3:8d3:1319:8a2e:370:7348) of hosts from which the server is to deny inbound requests). Separate your entries with commas, for example: *.denyme.com, *.denyme2.com.
The host names or IP addresses can include upper and lower case alphabetic characters, digits (0-9), hyphens (-), and periods (.) and cannot include spaces. For IPv6, IP addresses can also include colons (:) and brackets ([]).
Avoid using the fully qualified domain name of the host. Integration Server resolves incoming host names to the simple host name and then compares the simple host name to the fully qualified domain name in the deny list. The names will not match and Integration Server will conclude that the request should be allowed. To work around this, you can use the * wildcard at the end of the simple host name. Alternatively, use the IP address.
Note:
IP addresses are harder to spoof, and therefore more secure.
You can use the following pattern-matching characters to identify several clients with similar host names or IP addresses.
Char | Description | Example |
* | Matches any number of characters | r*.webmethods.com |
? | Matches any single character | workstation?.webmethods.com |
7. Click Add Hosts.