Page Created: qpid: IP Whitelisting
IP Whitelisting has been created by Aidan Skinner (Feb 02, 2009).

Content:

While using a properly configured firewall is the obvious way to restrict access to a broker, it's occasionally desirable to do this on the broker itself.

h2. Configuration

Everybody loves XML.

Elements inside <whitelist> would be <rule> or <include file="path"/>. <external-whitelist> would contain further <rule> entries, but not <include>. If the host attribute was specified, the broker would check its hostname against the attribute and cause a fatal error on startup if it did not match.

<rule> would have action, virtualhost, hostname and network attributes. Action and one of host or network would be mandatory. Virtualhost would be optional; if specified, it would match one of the virtualhosts.

The action attribute would be either allow or deny. host would be a regexp against which it would match the reverse DNS lookup of the connecting IP. network would be a CIDR against which the IP would be matched.

The first <rule> which matched the connection would apply. If no rules applied, the default-action would apply.

For example, the following could appear in config.xml:

```xml
<whitelist default-action="deny">
  <rule action="allow" hostname="*.qpid.apache.org" virtualhost="dev"/>
  <include file="/path/to/file" />
  <rule action="allow" network="192.168.1.0/24" />
  <rule action="allow" network="10.0.0.0/8" />
</whitelist>
```
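The first-match evaluation described above can be sketched as follows. This is an added example, not code from the Qpid broker: the function names, the sample rules, matching the regexp against the whole reverse name, and reading "one of" as exactly one of hostname or network are all assumptions, and <include> is not handled.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample in the page's proposed schema. The hostname value is
# written as a regexp, since the page defines the attribute as one.
SAMPLE = r"""
<whitelist default-action="deny">
  <rule action="deny" network="192.168.1.13/32" />
  <rule action="allow" hostname=".*\.qpid\.apache\.org" virtualhost="dev" />
  <rule action="allow" network="192.168.1.0/24" />
  <rule action="allow" network="10.0.0.0/8" />
</whitelist>
"""

def load_whitelist(xml_text):
    """Parse <whitelist> into (default_action, ordered rule list)."""
    root = ET.fromstring(xml_text)
    default = root.get("default-action")
    if default not in ("allow", "deny"):
        raise ValueError("default-action must be 'allow' or 'deny'")
    rules = []
    for el in root.findall("rule"):  # document order is preserved
        action, host, net = (el.get(k) for k in ("action", "hostname", "network"))
        # Assumption: "one of" is read as exactly one of hostname/network.
        if action not in ("allow", "deny") or (host is None) == (net is None):
            raise ValueError("rule needs action and one of hostname/network")
        rules.append({
            "action": action,
            "virtualhost": el.get("virtualhost"),
            "host": re.compile(host) if host is not None else None,
            "net": ipaddress.ip_network(net) if net is not None else None,
        })
    return default, rules

def decide(whitelist, ip, reverse_name, virtualhost):
    """Return the action of the first matching rule, else the default."""
    default, rules = whitelist
    addr = ipaddress.ip_address(ip)
    for rule in rules:
        if rule["virtualhost"] not in (None, virtualhost):
            continue  # rule is scoped to a different virtualhost
        if rule["net"] is not None and addr in rule["net"]:
            return rule["action"]
        # Assumption: fullmatch, so the regexp must cover the whole name.
        if rule["host"] and reverse_name and rule["host"].fullmatch(reverse_name):
            return rule["action"]
    return default

WHITELIST = load_whitelist(SAMPLE)
```

Because the reverse name comes from a PTR record controlled by whoever owns the connecting address block, hostname rules give weaker assurance than network rules unless the name is also confirmed by a forward lookup.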