Add a network range rule to examine a request and determine whether to grant access to a target site based on whether the IP address falls within a specified range, using Classless Inter-Domain Routing notation.
- Click Access and then go to .
- Click + Add Rule.
In the Name field, enter a unique name, up to 64
Special characters and spaces are allowed.
- From the Type list, select Network Range.
In the Network Range field, enter a network range value,
PingAccess supports IPv4 addresses.
- Select Negate if when a match is found, access is not allowed.
If you want to override source address handling defined in the HTTP
Requests configuration, click Show Advanced
Settings and perform the following steps:
- Click Override Request IP Source Configuration.
- In the Headers field, enter the headers used to define the source IP address to use.
Select the Header Value Location to use when
multiple addresses are present in the specified header.
Valid values are
Last(the default) and
Click Fall Back to Last Hop IP to determine if,
when the specified Headers are not present,
PingAccess should return a
Forbiddenresult or if it should use the address of the previous hop as the source to make policy decisions.
To configure rejection handling, select a rejection handling method:
If you select Default, use the Rejection Handler list to select an existing rejection handler that defines whether to display an error template or redirect to a URL.
If you select Basic, you can customize an error message to display as part of the default error page rendered in the end-user's browser if rule evaluation fails. This page is among the templates you can modify with your own branding or other information. If you select Basic, provide the following:
- In the Error Response Code field, enter the HTTP
status response code to send if rule evaluation fails.
The default is
- In the Error Response Status Message field, enter the
HTTP status response message to send if rule evaluation fails.
The default is Forbidden.
- In the Error Response Template File field, enter the
HTML template page for customizing the error message that displays if rule
This template file is located in the <PA_HOME>/conf/template/ directory.
- In the Error Response Content Type list, select the
type of content for the error response.
This lets the client properly display the response.
- In the Error Response Code field, enter the HTTP status response code to send if rule evaluation fails.
- Click Save.