ipSettings

Content Platform Tenant Management Help

Version
9.7.x
File Size
4269 KB
Audience
anonymous
Part Number
MK-95HCPH002-19

The ipSettings data type describes the ipSettings property of these data types:

  • cifsProtocol
  • consoleSecurity
  • httpProtocol
  • nfsProtocol
  • protocols
  • searchSecurity
  • smtpProtocol

Properties

The table below describes the properties included in the ipSettings data type.

Property Data type Description Notes
allowAddresses

allow

Addresses

Specifies the IP addresses to be allowed access to HCP through the given interface. By default, the set of IP addresses includes only 0.0.0.0/0.

The set of IP addresses specified in the request body replaces the set of IP addresses currently allowed access to HCP through the given interface. To remove all IP addresses, specify an empty set.

In XML, each IP address specification is the value of an element named ipAddress. In JSON, the name in the name/value pair that specifies the IP addresses is ipAddress.

allowIfInBothLists Boolean

Specifies how HCP should handle IP addresses that are either both allowed and denied or neither allowed nor denied access to HCP through the given interface. Valid values are true and false. The default is true.

For the effects of specifying true or false, see allowIfInBothLists property effects list below.

This property is not valid for the cifsProtocol, nfsProtocol, and smtpProtocol data types.

denyAddresses

deny

Addresses

Specifies the IP addresses to be denied access to HCP through the given interface. By default, the set of IP addresses is empty.

This property is not valid for the nfsProtocol data type.

The set of IP addresses specified in the request body replaces the set of IP addresses currently denied access to HCP through the given interface. To remove all IP addresses, specify an empty set.

In XML, each IP address specification is the value of an element named ipAddress. In JSON, the name in the name/value pair that specifies the IP addresses is ipAddress.

allowAddresses and denyAddresses list entries

Each ipAddress entry within an allowAddresses or denyAddresses property can have a value of:

  • An individual IP address.
  • A comma-separated list of IP addresses.
  • A range of IP addresses specified as ip-address/subnet-mask (for example, 192.168.100.197/255.255.255.0).
  • A range of IP addresses specified in CIDR format (for example, 192.168.100.0/24). The CIDR entry that matches all IP addresses is 0.0.0.0/0.

allowIfInBothLists property effects

The table below describes the effects of specifying true or false for the allowIfInBothLists property.

Listed IP addresses true false

allowAddresses: none

denyAddresses: none

All IP addresses can access HCP through the given interface. No IP addresses can access HCP through the given interface.

allowAddresses: at least one

denyAddresses: none

All IP addresses can access HCP through the given interface. Only IP addresses in the allowAddresses list can access HCP through the given interface.

allowAddresses: none

denyAddresses: at least one

All IP addresses not in the denyAddresses list can access HCP through the given interface. IP addresses in the denyAddresses list cannot. No IP addresses can access HCP through the given interface.

allowAddresses: at least one

denyAddresses: at least one

IP addresses appearing in both or neither of the lists can access HCP through the given interface. IP addresses appearing in both or neither of the lists cannot access HCP through the given interface.

Example

Here’s an XML example of the ipSettings data type:

<ipSettings>
    <allowAddresses>
         <ipAddress>192.168.140.10</ipAddress>
         <ipAddress>192.168.140.14</ipAddress>
         <ipAddress>192.168.140.15</ipAddress>
         <ipAddress>192.168.149.0/24</ipAddress>
    </allowAddresses>
    <allowIfInBothLists>false</allowIfInBothLists>
    <denyAddresses>
         <ipAddress>192.168.149.5</ipAddress>
    </denyAddresses>
</ipSettings>