Client Host Access Control Dialog Box

Getting there

Use this dialog box to add client hosts to your allow or deny list. You can use either domain names or IP addresses to specify hosts. The value you enter is interpreted as a regular expression.

Use a backslash before characters in the domain name that have a special meaning in regular expressions. For example, in regular expression syntax, a period acts as a wildcard character that matches any single character. To prevent periods in names and IP addresses from being interpreted as wildcards, precede them with a backslash (\). For example:

myhost\.mydomain\.com

Caution: Because a client host might be identified using a domain name, an IPv4 address, or an IPv6 address, you need to specify host names carefully. For additional information refer to the notes below.

The options are:

 

Fully qualified domain name

Select to specify a host or hosts using the fully-qualified domain name. For example, to match all hosts at acme.com, select this option and enter:

.*\.acme\.com

 

Client IP address

Select to specify a host or hosts using an IP address. The address can be in IPv4 or IPv6 format.

Use \. to indicate a period in an IPv4 address to avoid unexpected wildcard matches. For example:

123\.45\.12\.45

If you specify an IPv6 address, don't use the condensed form of the address; the server matches the expression you enter here with the fully expanded IPv6 address (including all zeros). For example, if the client IPv6 address is:

ff06:0000:0000:0000:0000:0000:0000:00c3

The following condensed address will not be a match.

ff06::c3

 

Allow connect

Add the host(s) to your list of allowed hosts.

 

Deny connect

Add the host(s) to your list of denied hosts.

 

Notes:

  • The resolved domain name for a client is the fully qualified domain name. This means that when you add a host to the allow or deny list using a domain name, you must either use a fully qualified domain name, or a regular expression, to ensure that host domain names are handled correctly. For example, if you deny access to the client "mypc", the client mypc.myhost.com will be able to connect. You must explicitly deny access to "mypc\.myhost\.com" or use an expression such as "mypc\..*" to ensure that this client is denied access.
  • If IPv6 connections are supported, a client connecting using an IPv6 address may be allowed access even if the IPv4 address of that client is on the list of denied client hosts. To configure Reflection for Secure IT to deny all IPv6 (or IPv4) connections, from the Network pane, remove any listening address in IPv6 (or IPv4) format.
  • Client domain names are not case sensitive (as specified in RFC 4343).
  • Reflection for Secure IT always adds ^ to the beginning and $ to the end of the regular expressions that you enter. This ensures that the regular expression matches the entire input.

Related Topics

Controlling Access from Client Computers

Regular Expression Syntax

Access Control Settings