Security rules example: Access to stream by IP address
In this example, you grant access to a specific stream based on the IP address of the connecting device.
You can use the IP address for access rights in the following cases:
- When you want an app to only be available from an internal network.
- When you want an app to only be available to mobile users.
Procedure
Do the following:
- Open Virtual proxies.
- Select the virtual proxy that you want to edit and click Edit.
- In the Advanced section, select Extended security environment.
- Click Apply.
- Click OK in the Apply changes to virtual proxy popup.
- Open Streams and create a new stream.
- Open Security rules and click Create new.
- In the Create rule from template list, select Stream access.
- Enter a name for the rule.
- Set the resource filter to filter on a specific stream:
  In the Advanced section, fill in the Resource filter field as per Security rule code.
  Example: Stream_aaec8d41-5201-43ab-809f-3063750dfafd
- Set the conditions to specify the resource and IP address that the rule applies to:
  In the Advanced section, fill in the Conditions field as per Security rule code.
  Example: user.environment.ip = "::ffff:10.88.0.5"
- Set the actions that the rule is to provide:
  In the Basic section, select Actions as per Security rule code.
  Select the actions Read and Publish.
- Click Apply.
You have now created access to a specific stream based on the IP address of the connecting device.
Security rule code
The following is the security rule code for this example, with explanatory comments.
Field | Code | Comments |
---|---|---|
Resource filter | Stream_<GUID> | Filters on a specific stream. |
Conditions | (user.environment.ip="<Your_IP_address>") | The rule applies to the devices that connect from an IP address that corresponds to the value. |
Actions | Read, Publish | Read and Publish actions will be granted provided that the conditions are met. |

There are different formats for the user.environment.ip condition. With the implementation of the hybrid dual-stack IPv6/IPv4, it is always the IPv6 format that is used. If the client that makes the call uses IPv6, the IPv6 address is added by the proxy. If the client uses IPv4, the IPv4-mapped addresses are used.
Example 1: IPv4 address: 10.88.0.5 => ::ffff:10.88.0.5 (IPv6)
In this case the rule condition can be written in the following ways:
Example 2: IPv6 address: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
In this case the rule condition can be written in the following ways:
Information note: The asterisks (*) in the examples indicate additional characters.
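Because the proxy always reports the IPv6 form, a condition written with a bare IPv4 address will not equal the value the rule is compared against. The following added example (not part of the original documentation or the product) checks a Conditions string before you paste it into the rule; the function names `rule_value` and `lint_condition` and the sample conditions are assumptions made for illustration.

```python
import ipaddress
import re

# Matches the equality form shown on this page: user.environment.ip = "<value>"
_COND = re.compile(r'user\.environment\.ip\s*=\s*"([^"]*)"')


def rule_value(addr: str) -> str:
    """Return the address text to use in a user.environment.ip condition."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    if ip.version == 4:
        # IPv4 clients are reported as IPv4-mapped IPv6 addresses.
        return f"::ffff:{ip}"
    if ip.ipv4_mapped is not None:
        # Normalise hex or upper-case spellings to the dotted form on the page.
        return f"::ffff:{ip.ipv4_mapped}"
    # Native IPv6: the page does not state which textual form the proxy
    # reports, so the input is kept unchanged (assumption).
    return addr


def lint_condition(condition: str) -> list:
    """Return one finding per user.environment.ip value that needs attention."""
    findings = []
    for value in _COND.findall(condition):
        if "*" in value:
            continue  # wildcard patterns are not checked by this sketch
        try:
            expected = rule_value(value)
        except ValueError:
            findings.append(f'"{value}": not a valid IP address')
            continue
        if expected != value:
            findings.append(f'"{value}": write it as "{expected}"')
    return findings


if __name__ == "__main__":
    # Constructed sample conditions.
    for cond in ('(user.environment.ip="10.88.0.5")',
                 'user.environment.ip = "::ffff:10.88.0.5"',
                 'user.environment.ip="10.88.0.555"'):
        print(cond, "->", lint_condition(cond) or "ok")
```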