Adding network range rules
Add a network range rule to examine a request and determine whether to grant access to a target site based on whether the IP address falls within a specified range, using Classless Inter-Domain Routing notation.
Steps
-
Click Access and then go to Rules → Rules.
-
Click Add Rule.
-
In the Name field, enter a unique name, up to 64 characters long.
Special characters and spaces are allowed.
-
From the Type list, select Network Range.
-
In the Network Range field, enter a network range value, such as
127.0.0.1/8
.PingAccess supports IPv4 addresses.
-
Select Negate if when a match is found, access is not allowed.
-
If you want to override source address handling defined in the HTTP Requests configuration, click Show Advanced Settings and perform the following steps:
-
Click Override Request IP Source Configuration.
-
In the Headers field, enter the headers used to define the source IP address to use.
-
Select the Header Value Location to use when multiple addresses are present in the specified header.
Valid values are
Last
(the default) andFirst
. -
Click Fall Back to Last Hop IP to determine if, when the specified Headers are not present, PingAccess should return a
Forbidden
result or if it should use the address of the previous hop as the source to make policy decisions. -
To configure rejection handling, select a rejection handling method:
Choose from:
-
If you select Default, use the Rejection Handler list to select an existing rejection handler that defines whether to display an error template or redirect to a URL.
-
If you select Basic, you can customize an error message to display as part of the default error page rendered in the end-user’s browser if rule evaluation fails. This page is among the templates you can modify with your own branding or other information. If you select Basic, provide the following:
-
In the Error Response Code field, enter the HTTP status response code to send if rule evaluation fails.
The default is
403
. -
In the Error Response Status Message field, enter the HTTP status response message to send if rule evaluation fails.
The default is
Forbidden
. -
In the Error Response Template File field, enter the HTML template page for customizing the error message that displays if rule evaluation fails.
This template file is located in the
<PA_HOME>/conf/template/
directory. -
In the Error Response Content Type list, select the type of content for the error response.
This lets the client properly display the response.
-
-
-
-
Click Save.