PingAccess

Adding network range rules

Add a network range rule to examine a request and determine whether to grant access to a target site based on whether the IP address falls within a specified range, using Classless Inter-Domain Routing notation.

Steps

  1. Click Access and then go to Rules → Rules.

  2. Click Add Rule.

  3. In the Name field, enter a unique name, up to 64 characters long.

    Special characters and spaces are allowed.

  4. From the Type list, select Network Range.

  5. In the Network Range field, enter a network range value, such as 127.0.0.1/8.

    PingAccess supports IPv4 addresses.

  6. Select Negate if when a match is found, access is not allowed.

  7. If you want to override source address handling defined in the HTTP Requests configuration, click Show Advanced Settings and perform the following steps:

    1. Click Override Request IP Source Configuration.

    2. In the Headers field, enter the headers used to define the source IP address to use.

    3. Select the Header Value Location to use when multiple addresses are present in the specified header.

      Valid values are Last (the default) and First.

    4. Click Fall Back to Last Hop IP to determine if, when the specified Headers are not present, PingAccess should return a Forbidden result or if it should use the address of the previous hop as the source to make policy decisions.

    5. Optional: To configure rejection handling, select a rejection handling method:

      If you select Default, use the Rejection Handler list to select an existing rejection handler that defines whether to display an error template or redirect to a URL.

      If you select Basic, you can customize an error message to display as part of the default error page rendered in the end-user’s browser if rule evaluation fails. This page is among the templates you can modify with your own branding or other information. If you select Basic, provide the following:

      1. In the Error Response Code field, enter the HTTP status response code to send if rule evaluation fails.

        The default is 403.

      2. In the Error Response Status Message field, enter the HTTP status response message to send if rule evaluation fails.

        The default is Forbidden.

      3. In the Error Response Template File field, enter the HTML template page for customizing the error message that displays if rule evaluation fails.

        This template file is located in the <PA_HOME>/conf/template/ directory.

      4. In the Error Response Content Type list, select the type of content for the error response.

        This lets the client properly display the response.

  8. Click Save.