Securing Services via IP Filters
You can configure what incoming IP addresses are allowed to access the services by setting IP filters in the services configuration.
The default setting permits access by all IP addresses: trusted.ipPattern: '.*'
Proceed as follows to be able to configure a filter.
- Open the file …\services\service-manager\config\application-prod.yml in a text editor.
-
Assign the desired IP addresses to the parameter
trusted.ipPattern
. - Save the configuration and restart enaio® services-admin.
For a list of IP addresses, each address must always be placed in brackets. Addresses are separated by the pipe character '|'. Dots in IP addresses must be preceded by the Escape character '\'. However, no escape character is required before colons in IPv6 addresses.
Examples
Permitted access | Sample configuration |
---|---|
By all IP addresses | .* |
By specified addresses | (10.10.10.10)|(10.10.10.11)| ... (10.10.10.1x) |
If IP filters are configured, then the following addresses must be allowed:
- 127.0.0.1
The microservices will be installed with the IP address '127.0.0.1'. This address must be specified so that they are linked together. If IP addresses have been changed in configuration files of micorservices, then these must also be allowed.
- Addresses of all microservice installations
- Addresses of all services
enaio® gateway, enaio® appconnector, enaio® webservices, and the viewing services
- Addresses of all enaio® server
- Address of Elasticsearch
- Address of ABBYY FineReader