IPFilter

IPFilter

IP filtering allows rules to be established to prevent certain IP addresses from successfully connecting, or to allow only certain IP addresses to connect. Each rule consists of a mask, an action and (optionally) a user. The mask specifies which IP addresses the rule pertains to and the action specifies what should be done. If a user is defined for a rule then that rule will apply only to that user. Rules with no user defined apply to all users.

The mask may be (a) a specific IP address, such as 123.123.123.123, (b) the first one, two or three parts of an IP address, such as 192.168, which specifies all the IP addresses that begin with those parts, (c) a specific numeric range of IP addresses, such as 192.168.2.100-150, (d) an Internet host-name, or (e) a LAN network name.

There are three possible actions - deny, allow and allow-always. Deny will block access from clients whose IP addresses are included in the mask. Allow will permit access, unless the auto-banning system has detected too many failed login-attempts. Allow-always is like allow except that auto-banning is disabled.

These rules are combined to filter incoming IP addresses. When a connection attempt is made, the rules are consulted to see if the remote IP address matches the rules, and the connection is dropped if it is determined that access should be denied.

The precedence of operations is important. By default, the precedence is Deny over allow. This means that if all IP addresses are allowed, and there is a deny rule for a specific address or range, then the deny rule takes precedence and any IP address matching the deny rule is denied.

Allow over deny is the other option, which means if an IP address matches an allow rule, then it will be permitted access even if it is listed in a deny rule.

Instances of this class should be obtained using Site.ipFilter.

Members

precedence :String

Description:

  • The precedence of operations (i.e. 'DenyOverAllow' or 'AllowOverDeny').

Source:

The precedence of operations (i.e. 'DenyOverAllow' or 'AllowOverDeny').

Type:
  • String

Methods

add(action, hostopt, useropt) → {IPFilterRule}

Description:

  • Adds an IP filter rule.

Source:
Parameters:
Name Type Attributes Default Description
action String

The action of the rule (i.e. 'Deny', 'Allow' or 'AllowAlways').
host String <optional>
 All

The mask of the rule. Rules with no mask defined apply to al IP addresses.
user String | User <optional>
 none

Name or a User object of the user that the rule applies to. Rules with no user defined apply to all users.
Returns:
Type
IPFilterRule

get(id) → {IPFilterRule}

Description:
Source:
Parameters:
Name Type Description
id String

ID of the IP filter rule.
Returns:
Type
IPFilterRule

remove(id)

Description:

  • Deletes the given IP filter rule.

Source:
Parameters:
Name Type Description
id String | IPFilterRule

ID or an IPFilterRule object of the rule to be deleted.

toArray() → {Array.<IPFilterRule>}

Description:

  • Returns an array of IPFilterRule objects representing all existing IP filter rules.

Source:
Returns:
Type
Array.<IPFilterRule>