You are here

How to restrict external access to certain IP addresses

OLD: Affects product: 
Airlock WAF
OLD: Affects version(s): 
5
4.2 all versions

Q: How can the access to a web application (not the management interface) be restricted to a subnet or some clients only?

A: Create an IP Filter as follows:

  1. In the corresponding mapping(s) create a new Allow Rule and add your own IP address pattern by klicking on "Edit". Once a pattern is created, it can also be reused in other mapping(s).
    Examples:
    ^(12\.30\.222\.65|12\.47\.45\.30)$    (two distinct addresses)
    ^12\.30\.222\.                        (whole subnet)
    Hint: Use the inbound regex tester for quick verification.
  2. You may additionally restrict other parts like the HTTP method (GET and/or POST only).
  3. In all mappings where the IP restriction should apply, activate the new Allow Rule and deactivate the default "Allow all" Allow Rule.

Remark: To deny access for some IP addresses or a subnet, create a new Deny Rule (instead of an Allow Rule) and set it active in the deny rule section of all corresponding mappings.

Knowledge Base Categories: