Restrict access to specific IP ranges plugin [Updated in Security Center 1.3]
Use the com.snc.ipauthenticator plugin to restrict access to specific IP ranges. Unless public access is intended for the instance, administrators should limit access to their assigned IP net blocks.
Prerequisites
This plugin when set to true restricts access to specific IP ranges. Unless public access is intended for the instance, administrators should limit access to their assigned IP net blocks. An exclusion list (Deny) or an inclusion list (Allow) of IP addresses can be created through IP Address Access Control (ip_access_list.do).
Before setting this property, you must activate the IP Range Based Authentication (com.snc.ipauthenticator)com.snc.ipauthenticator plugin. To learn more, see IP range based authentication and in the Steps to configure section (below).
Ensure the plugin com.snc.ipauthenticator is activated and there is at least one active IP access policy in the table ip_access.
More information
| Attribute | Description |
|---|---|
| Plugin Name |
|
| Configuration type | System Security > IP Address Access Control |
| Category | Access control |
| Purpose | To add the range of IP address that can or can't access the instance to the trusted and untrusted domain lists. |
| Recommended value | Active |
| Default value | None. This is a plugin, not a Glide property; therefore, there is no default value. |
| Security risk rating | 5.3 |
| Functional impact | Customer-denied IP ranges are used for this remediation item. No impact as customer defines the target list. |
| Security risk | (Low) Unnecessary exposure to the target instance on the internet should be restricted with the help of IP access controls functionality. |
| References | IP range based authentication |
Steps to configure
- Ensure that the com.snc.ipauthenticator plugin is active.
- Navigate to .
- Click New to create an exclusion list (Deny) or an inclusion list (Allow) of IP addresses.
- Click Submit.