How to Use IP Constraints

IP constraints can be set at different points in ADONIS. They need to use the following pattern:

• An IP constraint consists of a comma separated list of rules.

• A rule consists of an optional keyword ('allow' or 'deny') followed by a white space, and a CIDR range, IP address or address with wild card * (e.g. 192.168.*). The keyword "all" can be used to match all addresses.

• If rules are present, but no match is made, the default setting is "deny".

• If no rules are present, the default setting depends on the functionality for which you are currently setting IP constraints:

  • Configure IP Restrictions for the Organisation Portal: the default setting is "allow"

  • Enable Basic Authentication for ADONIS: the default setting is "deny"

  • Configure Settings for OAuth 2.0: the default setting is "allow"

• Wrap each rule in quotes ("") when configuring IP restrictions for the Organisation Portal or basic authentication (JSON syntax rules).

• The first matching rule decides. E.g. when you formulate a constraint like "allow 192.*, deny 192.168.0.1", the 'deny' rule would have no effect, as that address matches the 'allow' rule already.

Example

Deny all IP addresses starting with 192., deny the IP address 193.168.0.1, allow all other IP addresses:

deny 192.*,deny 193.168.0.1,allow all (for OAuth 2.0) | "deny 192.*","deny 193.168.0.1","allow all" (for Organisation Portal or basic authentication)

Allow all IP addresses starting with 178. except 178.6.6.6, deny all other IP addresses:

deny 178.6.6.6,allow 178.* (for OAuth 2.0) | "deny 178.6.6.6","allow 178.*" (for Organisation Portal or basic authentication)