HP NonStop SSL Reference Manual Configuration • 37
ALLOWIP
Use this parameter to specify which remote IP addresses are to be allowed to establish sessions ("white list").
Note: With HP NonStop SSL AAE, the syntax for specifying subnets has changed to Classless
Interdomain Routing (CIDR) format to prevent ambiguous subnet specifications and simplify usage, especially
with IPv6 entries.
Parameter Syntax
ALLOWIP [direction]range
Arguments
direction
Optional character specifying the connections to which the rules apply:
o A = Apply rules on incoming connections only
o C = Apply rules on outgoing connections only
o B = Apply rules on all connections (default)
range
One or more Classless Interdomain Routing (CIDR) format entries, each specifying an IP subnet or a single host IP
address. Entries must be separated by commas. The network suffix can be omitted for host entries (/32 or /128 is
then assumed). IPv6/DUAL entries must be enclosed in square brackets. Entry types and the corresponding
CIDR format:
o IPv4 address: 10.1.2.196 ( /32 is assumed)
o IPv4 subnet : 10.2.0.0/16
o IPv6 address: [abcd:1111::ab00] ( /128 is assumed)
o IPv6 subnet : [abcd::ef00/120]
o DUAL address: [::ffff:172.0.0.28] ( /128 is assumed)
o DUAL subnet : [::ffff:172.1.1.0/104]
Considerations
• See section "Limiting Remote IP Addresses" for the concept of remote IP filtering.
• The parameter can be changed at run time using SSLCOM; see chapter "SSLCOM Command Interface"
for details.
• Backward compatibility with the former syntax is preserved; however, in the mid-term ALLOWIP and DENYIP
should be changed to use CIDR format.
Default
If omitted, HP NonStop SSL will use * to allow all remote IP addresses.
Example
ALLOWIP 10.0.1.0/24, 10.0.2.0/24, 172.22.22.42
ALLOWIP A[abcd::ef00/120] , [abcd:1111::ab00] , [::ffff:172.1.1.0/104]
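
An added example, not part of the HP manual: a Python audit helper that parses the ALLOWIP value syntax described above and reports the address range each entry covers under standard CIDR arithmetic. The function names are hypothetical, and the helper assumes Python `ipaddress` semantics; how HP NonStop SSL itself treats entries with bits set beyond the prefix, or matches DUAL entries against IPv4 peers, is not stated in this section.

```python
import ipaddress

DIRECTIONS = {"A": "incoming", "C": "outgoing", "B": "all"}  # letters from the manual

def parse_allowip(value):
    """Parse the text after the ALLOWIP keyword.

    Returns (direction, rules); each rule is (entry, network, exact), where
    exact is False if the written address has bits set beyond the prefix.
    """
    value = value.strip()
    direction = "B"  # documented default
    if value[:1] in DIRECTIONS:  # IPv4 starts with a digit, IPv6/DUAL with "["
        direction, value = value[0], value[1:]
    rules = []
    for raw in value.split(","):
        entry = raw.strip()
        bracketed = entry.startswith("[") and entry.endswith("]")
        inner = entry[1:-1] if bracketed else entry
        # A missing suffix becomes /32 or /128; bad syntax raises ValueError.
        net = ipaddress.ip_network(inner, strict=False)
        if (net.version == 6) != bracketed:
            raise ValueError(f"{entry!r}: brackets are for IPv6/DUAL entries only")
        exact = ipaddress.ip_interface(inner).ip == net.network_address
        rules.append((entry, net, exact))
    return direction, rules

def matches(rules, remote_ip):
    """True if remote_ip falls in any rule of the same address family (assumption)."""
    ip = ipaddress.ip_address(remote_ip)
    return any(ip.version == net.version and ip in net for _, net, _ in rules)

if __name__ == "__main__":
    # The two example lines from the manual, without the keyword.
    for line in ("10.0.1.0/24, 10.0.2.0/24, 172.22.22.42",
                 "A[abcd::ef00/120] , [abcd:1111::ab00] , [::ffff:172.1.1.0/104]"):
        direction, rules = parse_allowip(line)
        print("applies to:", DIRECTIONS[direction])
        for entry, net, exact in rules:
            note = "" if exact else "  <- bits set beyond prefix, review intended range"
            print(f"  {entry:26} covers {net} ({net.num_addresses} addresses){note}")
```

Under these semantics the entry `[::ffff:172.1.1.0/104]` is flagged: a /104 prefix keeps only the first octet of the embedded IPv4 address, so the range is `::ffff:172.0.0.0/104`, every IPv4-mapped address in 172.0.0.0/8.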