Limiting Access to Authorized Hosts

To limit access to MCS to specified hosts, you can set options in the SecurityGateway.properties text file located in the ../mcs/WEB-INF/data/securitygateway/settings directory.

If you need to change this file, be sure that the option Secure the Integrity of Critical MCS Files on the Security Services Configuration page is cleared. Otherwise, changes to this file may cause MCS to function incorrectly.

To limit access to authorized hosts

To limit access to authorized hosts
Open SecurityGateway.properties in a text editor and edit the following property: validHost1 — Allows client access only to authorized hosts. This option applies only for clients configured to access hosts via security services. By default, security services allows access to any host address and port specified in a client configuration. A destination filter limits access to clients whose target host matches one of the authorized hosts specified in the destination filter. Replace the Attachmate-supplied value, `...:`, which denotes a connection with any host and port. Use the format IPaddress:port where IPaddress is the IP address of the host (not its domain name), and port* is the number of the port on which the host is listening. You can use the asterisk character () as a wildcard in any position of the IP address and in the port, for example, `149.82..:23 or 149.82.50.61:` You cannot use the question mark (?) as a wildcard character. You can include comments, indicated by the pound (#) character in the first position of a line. If you want to filter multiple hosts, add additional ValidHostx=IPaddress:port properties, where x is a consecutive integer from 2 up, and IPaddress:port is the IP address and port number of the host. Save and close SecurityGateway.properties.

Open SecurityGateway.properties in a text editor and edit the following property:
- validHost1 — Allows client access only to authorized hosts. This option applies only for clients configured to access hosts via security services.
  By default, security services allows access to any host address and port specified in a client configuration. A destination filter limits access to clients whose target host matches one of the authorized hosts specified in the destination filter.
  
  Replace the Attachmate-supplied value, *.*.*.*:*, which denotes a connection with any host and port. Use the format IPaddress:port where IPaddress is the IP address of the host (not its domain name), and port is the number of the port on which the host is listening.
  
  You can use the asterisk character (*) as a wildcard in any position of the IP address and in the port, for example, 149.82.*.*:23 or 149.82.50.61:*
  
  You cannot use the question mark (?) as a wildcard character.
  
  You can include comments, indicated by the pound (#) character in the first position of a line.
  
  If you want to filter multiple hosts, add additional ValidHostx=IPaddress:port properties, where x is a consecutive integer from 2 up, and IPaddress:port is the IP address and port number of the host.
Save and close SecurityGateway.properties.


	Security Services, Overview
	Configuring a Client SSL Connection