Show Contents / Index / Search

Client Host Access Control Dialog Box

Getting there

Use this dialog box to add client hosts to your allow or deny list. You can use either domain names or IP addresses to specify hosts. For either, you can use a regular expressions to specify one or more hosts.

Use a backslash before characters in the domain name that have a special meaning in regular expressions. For example, the backslashes in the sample that follows ensure that dots in the domain will be matched exactly, and not be treated as wildcard characters:

myhost\.mydomain\.com

Caution: Because a client host might be identified using a domain name, an IPv4 address, or an IPv6 address, you need to specify host names carefully. For additional information refer to the notes below.

The options are:

 

Fully qualified domain name

Select to specify a host or hosts using the fully-qualified domain name. For example, to match all hosts at acme.com, select this option and enter:

.*\.acme\.com

 

Client IP address

Select to specify a host or hosts using an IP address. The address can be in IPv4 or IPv6 format. Use \. to indicate a period in an IPv4 address to avoid unexpected wildcard matches. For example:

123\.45\.12\.45

 

Allow connect

Add the host(s) to your list of allowed hosts.

 

Deny connect

Add the host(s) to your list of denied hosts.

Notes:

  • The resolved domain name for a client is the fully qualified domain name. This means that when you add a host to the allow or deny list using a domain name, you must either use a fully qualified domain name, or a regular expression, to ensure that host domain names are handled correctly. For example, if you deny access to the client "mypc", the client mypc.myhost.com will be able to connect. You must explicitly deny access to "mypc\.myhost\.com" or use an expression such as "mypc\..*" to ensure that this client is denied access.
  • If IPv6 connections are supported, a client connecting using an IPv6 address may be allowed access even if the IPv4 address of that client is on the list of denied client hosts. To configure Reflection for Secure IT to deny all IPv6 (or IPv4) connections, from the Network pane, remove any listening address in IPv6 (or IPv4) format.
  • Client domain names are not case sensitive (as specified in RFC 4343).
  • Reflection for Secure IT always adds ^ to the beginning and $ to the end of the regular expressions that you enter. This ensures that the regular expression matches the entire input.

Related Topics

Controlling Access from Client Computers

Regular Expression Syntax

Access Control Settings