Add a network range rule to examine a request and determine whether to grant access to a target site based on whether the IP address falls within a specified range, using Classless Inter-Domain Routing notation.
- Click Access and then go to Rules > Rules.
- Click + Add Rule.
-
In the Name field, enter a unique name, up to 64
characters long.
Special characters and spaces are allowed.
- From the Type list, select Network Range.
-
In the Network Range field, enter a network range value,
such as
127.0.0.1/8
.PingAccess supports IPv4 addresses.
- Select Negate if when a match is found, access is not allowed.
-
If you want to override source address handling defined in the HTTP
Requests configuration, click Show Advanced
Settings and perform the following steps:
- Click Override Request IP Source Configuration.
- In the Headers field, enter the headers used to define the source IP address to use.
-
Select the Header Value Location to use when
multiple addresses are present in the specified header.
Valid values are
Last
(the default) andFirst
. -
Click Fall Back to Last Hop IP to determine if,
when the specified Headers are not present,
PingAccess should return a
Forbidden
result or if it should use the address of the previous hop as the source to make policy decisions. - Optional:
To configure rejection handling, select a rejection handling method:
If you select Default, use the Rejection Handler list to select an existing rejection handler that defines whether to display an error template or redirect to a URL.
If you select Basic, you can customize an error message to display as part of the default error page rendered in the end-user's browser if rule evaluation fails. This page is among the templates you can modify with your own branding or other information. If you select Basic, provide the following:
- In the Error Response Code field, enter the HTTP
status response code to send if rule evaluation fails.
The default is
403
. - In the Error Response Status Message field, enter the
HTTP status response message to send if rule evaluation fails.
The default is Forbidden.
- In the Error Response Template File field, enter the
HTML template page for customizing the error message that displays if rule
evaluation fails.
This template file is located in the <PA_HOME>/conf/template/ directory.
- In the Error Response Content Type list, select the
type of content for the error response.
This lets the client properly display the response.
- In the Error Response Code field, enter the HTTP
status response code to send if rule evaluation fails.
- Click Save.