Security rules example: Access to stream by IP address

In this example, you create access rights to a specific stream through the IP address.

You can use the IP address for access rights in the following cases:

  • When you want an app to only be available from an internal network.
  • When you want an app to only be available to mobile users.

Procedure

Do the following:

  1. Open Virtual proxies.
  2. Select the virtual proxy that you want to edit and click Edit.

  3. In the Advanced section, select Extended security environment.

  4. Click Apply.

  5. Click OK in the Apply changes to virtual proxy popup.

  6. Open Streams and create a new stream.

  7. Open Security rules and click Create new.

  8. In the Create rule from template list, select Stream access.

  9. Enter a name for the rule.

  10. Set the resource filter to filter on a specific stream:

    In the Advanced section, fill in the Resource filter field as per Security rule code.

    Example: Stream_aaec8d41-5201-43ab-809f-3063750dfafd

  11. Set the conditions to specify the resource and IP address that the rule applies to:

    In the Advanced section, fill in the Conditions field as per Security rule code.

    Example: user.environment.ip = "::ffff:10.88.0.5"

  12. Set the actions that the rule is to provide:

    In the Basic section, select Actions as per Security rule code.

    Select the actions Read and Publish.

  13. Click Apply.

You have now created access to a specific stream based on the IP address of the connecting device.

Security rule code

The following is the security rule code for this example, with explanatory comments.

Field: Resource filter
Code: Stream_<GUID>
Comments: Filters on a specific stream.

Field: Conditions
Code: (user.environment.ip="<Your_IP_address>")
Comments:

There are different formats for the user.environment.ip condition. With the implementation of the hybrid dual-stack IPv6/IPv4, it is always the IPv6 format that is used. If the client that makes the call uses IPv6, the IPv6 address is added by the proxy. If the client uses IPv4, the IPv4-mapped addresses are used.

Example 1:

IPv4 address: 10.88.0.5 => ::ffff:10.88.0.5 (IPv6)

In this case the rule condition can be written in the following ways:

  • user.environment.ip like "*10.88.0*"
  • user.environment.ip like "::ffff:10.88*"
  • user.environment.ip = "::ffff:10.88.0.5"

Example 2:

IPv6 address: 2001:0db8:85a3:0000:0000:8a2e:0370:7334

In this case the rule condition can be written in the following ways:

  • user.environment.ip like "*0db8:85a3:0000:0000:8a2e*"
  • user.environment.ip like "2001:0db8:85a3:0000:0000*"
  • user.environment.ip = "2001:0db8:85a3:0000:0000:8a2e:0370:7334"

Note: The asterisks (*) in the examples indicate additional characters.

(user.environment.ip="<Your_IP_address>")

The rule applies to the devices that connect from an IP address that corresponds to the value.

Field: Actions
Code: Read, Publish
Comments: Read and Publish actions will be granted provided that the conditions are met.
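A wildcard on both sides of the address, as in "*10.88.0*", matches any address whose text contains that fragment, not only the intended subnet. The following is an added example, not part of the product or its documentation, that audits a pattern against a list of addresses before it is used in a rule. It assumes that like treats * as any run of characters, as the note above states; the function names and sample addresses are constructed for illustration.

```python
import ipaddress
import re


def as_rule_ip(addr: str) -> str:
    """Text form described on this page: IPv4 clients appear as IPv4-mapped IPv6."""
    ip = ipaddress.ip_address(addr)
    return f"::ffff:{ip}" if ip.version == 4 else addr


def like(value: str, pattern: str) -> bool:
    """Assumed model of the rule's like operator: '*' matches any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None


def audit(pattern: str, intended_net: str, candidates: list[str]) -> list[str]:
    """Return the candidates that the pattern matches but that lie outside intended_net."""
    net = ipaddress.ip_network(intended_net)
    unintended = []
    for addr in candidates:
        matched = like(as_rule_ip(addr), pattern)
        if matched and ipaddress.ip_address(addr) not in net:
            unintended.append(addr)
    return unintended


# Constructed sample addresses: three internal, two outside the internal range.
SAMPLES = ["10.88.0.5", "10.88.0.77", "10.88.1.9", "110.88.0.5", "192.10.88.0"]

if __name__ == "__main__":
    checks = [
        ("*10.88.0*", "10.88.0.0/24"),         # leading wildcard, unanchored
        ("::ffff:10.88.0.*", "10.88.0.0/24"),  # anchored prefix, ends on a dot
        ("::ffff:10.88*", "10.88.0.0/16"),     # anchored prefix from the page
    ]
    for pattern, net in checks:
        extra = audit(pattern, net, SAMPLES)
        print(f'like "{pattern}" vs {net}: unintended matches = {extra}')
```

Anchoring the pattern at the ::ffff: prefix and ending it on an octet boundary keeps the match inside the intended range.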
