Securing Services via IP Filters

enaio® 9.10 »

You can configure what incoming IP addresses are allowed to access the services by setting IP filters in the services configuration.

The default setting permits access by all IP addresses: trusted.ipPattern: '.*'

Proceed as follows to be able to configure a filter.

  1. Open the file …\services\service-manager\config\application-prod.yml in a text editor.
  2. Assign the desired IP addresses to the parameter trusted.ipPattern.

  3. Save the configuration and restart enaio® services-admin.

For a list of IP addresses, each address must always be placed in brackets. Addresses are separated by the pipe character '|'. Dots in IP addresses must be preceded by the Escape character '\'. However, no escape character is required before colons in IPv6 addresses.

Examples

Permitted access Sample configuration
By all IP addresses .*
By specified addresses (10.10.10.10)|(10.10.10.11)| ... (10.10.10.1x)

If IP filters are configured, then the following addresses must be allowed:

  • 127.0.0.1

    The microservices will be installed with the IP address '127.0.0.1'. This address must be specified so that they are linked together. If IP addresses have been changed in configuration files of micorservices, then these must also be allowed.

  • Addresses of all microservice installations
  • Addresses of all services

    enaio® gateway, enaio® appconnector, enaio® webservices, and the viewing services

  • Addresses of all enaio® server
  • Address of Elasticsearch
  • Address of ABBYY FineReader