Prevent an IP address in your network from sending requests to your
instance
Avant de commencer
Role required: security_adminBecause the Edge Encryption proxy server
resides in your network, it may be subject to vulnerability scans by your network
software. To prevent IP scanner or other requests from being forwarded to your ServiceNow instance, you can add IP addresses, IP ranges, or
network masks to a deny list. Any connection to the proxy server from a deny listed
address is terminated and is not forwarded to your instance.
To place an IP
address on a deny list, you must be logged in to your instance through the proxy
server.
Important : Ensure that you understand your network topology before
adding IP addresses in your network to a deny list. If an IP address is added to
the deny list, any user with that IP address will be blocked from accessing the
Edge Encryption proxy server.
Procédure
-
Navigate to .
The Encryption Proxy IP Denylists [edge_encryption_ip_blacklist] list
view opens.
-
Click New.
-
Complete the form.
| Field |
Description |
| Proxy server |
The Edge Encryption proxy server that is
prevented from forwarding requests from addresses on the
deny list. |
| IP, IP range, or net-mask |
Requests from this IP address, range, or network mask are
not forwarded to your ServiceNow
instance. Example values include:
- IP address: 10.10.10.5
- IP range: 10.10.10.1-15
- Network mask: 10.10.10.0/24
Remarque : You may use either IPv4 or IPv6
addresses |
| Active |
Whether the record is active. Only IP addresses from
active records are prevented from sending requests to the
instance. |
| Description |
Description of the deny list record. |
-
Click Submit.
-
Repeat these steps for all other proxies for which an IP address should be
denied.
Résultats
The Edge Encryption proxy server terminates any connection from IP
addresses, ranges, or network masks on the deny list and cannot forward the request
to the instance.