Configuring Filtering Rules
Filtering rules let you control which client hosts are permitted to log in to the control panel with a shared secret.
A filtering rule is an entity with the following properties:
- IP Address: the IP address of a client, network or proxy server
- Netmask: the netmask
- Order in IP addresses chain: the order of the filtering rule in the list of rules
When a staff member of a direct child customer account tries to log in to the control panel with a shared secret, CloudBlue Commerce validates the following conditions:
- IP address of a client is permitted. This is controlled by the filtering rule where the Order in IP addresses chain property value is 0. The IP Address and Netmask properties of the filtering rule define the IP address of a client or a whole network from which login with a shared secret is permitted. If such a filtering rule is not specified, CloudBlue Commerce does not validate the client's IP address.
- The HTTP request is passed through the specified proxy server. This is defined by the filtering rule where the Order in IP addresses chain property specifies the number of the proxy server (numbering begins from the CloudBlue Commerce UI server). The IP Address and Netmask properties of the filtering rule define the IP address of the proxy server. If the filtering rules are not specified for proxy servers, CloudBlue Commerce does not validate that HTTP requests are passed through the specified proxy servers.
Note:
1. The CloudBlue Commerce branding server acts as a proxy server. It adds the BackNet IP address to the X-Forwarded-For HTTP header.
2. If the filtering rules are not specified, login with a shared secret is permitted for staff members of a direct child customer account.
Examples of applying the filtering rules:
Filtering Rules
Rule ID | IP Address | Netmask | Order in IP addresses chain |
---|---|---|---|
A | 10.0.0.102 | 255.255.255.255 | 0 |
B | 10.0.0.1 | 255.255.255.255 | 2 |
Example 1
The client's host (10.0.0.101) connects to the CloudBlue Commerce CP through a chain of the following proxy servers: Proxy Server 2 (10.0.0.2), Proxy Server 1 (10.0.0.1), and CloudBlue Commerce Branding Server (10.0.0.10/192.168.0.2). CloudBlue Commerce accepts this client's host because the HTTP request is passed through the Proxy Server 1 (10.0.0.1) according to filtering rule B.
Example 2
The client's host (10.0.0.101) connects to the CloudBlue Commerce CP through a chain of the following proxy servers: Proxy Server 1 (10.0.0.1) and CloudBlue Commerce Branding Server (10.0.0.10/192.168.0.2). CloudBlue Commerce accepts this client's host because the HTTP request is passed through the Proxy Server 1 (10.0.0.1) according to filtering rule B.
Example 3
The client's host (10.0.0.101) connects to the CloudBlue Commerce CP through the chain of the following proxy servers: Proxy Server 3 (10.0.0.3) and CloudBlue Commerce Branding Server (10.0.0.10/192.168.0.2). CloudBlue Commerce rejects this client's host due to the following reasons: connections through the Proxy Server 3 (10.0.0.3) or CloudBlue Commerce Branding Server (10.0.0.10/192.168.0.2) are not allowed by the filtering rules; the IP address of the client's host is not allowed by the filtering rules.
Example 4
The client's host (10.0.0.102) connects to the CloudBlue Commerce CP through a chain of the following proxy servers: Proxy Server 3 (10.0.0.3) and CloudBlue Commerce Branding Server (10.0.0.10/192.168.0.2). CloudBlue Commerce accepts this client's host according to filtering rule A.
Important: Proxy servers must specify the X-Forwarded-For (XFF) HTTP header.
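The four examples above can be reproduced with a small rule evaluator. This is an added illustration, not CloudBlue Commerce code. It assumes, as the examples imply, that a request is accepted when at least one rule matches, that proxy number 1 is the branding server, and that the branding server appears in the chain as 10.0.0.10. The function names and the chain representation are hypothetical.

```python
import ipaddress

# Rules from the table on this page: (rule ID, IP address, netmask, order in chain).
RULES = [
    ("A", "10.0.0.102", "255.255.255.255", 0),
    ("B", "10.0.0.1", "255.255.255.255", 2),
]

def rule_network(ip, netmask):
    """Build the network a rule covers; strict=False tolerates host bits in ip."""
    return ipaddress.ip_network(f"{ip}/{netmask}", strict=False)

def matching_rules(client_ip, proxies_from_ui, rules=RULES):
    """Return the IDs of the rules that match this request.

    client_ip       -- address of the client host (checked by order-0 rules)
    proxies_from_ui -- proxy addresses, nearest the UI server first, so
                       index 0 is proxy number 1 (assumed: the branding server)
    """
    matched = []
    for rule_id, ip, netmask, order in rules:
        if order == 0:
            candidate = client_ip
        elif order <= len(proxies_from_ui):
            candidate = proxies_from_ui[order - 1]
        else:
            continue  # chain is shorter than the position this rule names
        if ipaddress.ip_address(candidate) in rule_network(ip, netmask):
            matched.append(rule_id)
    return matched

def is_permitted(client_ip, proxies_from_ui, rules=RULES):
    """No rules means no filtering (Note 2); otherwise any match permits (assumed)."""
    if not rules:
        return True
    return bool(matching_rules(client_ip, proxies_from_ui, rules))

# Constructed chains for Examples 1-4, branding server first.
EXAMPLES = {
    1: ("10.0.0.101", ["10.0.0.10", "10.0.0.1", "10.0.0.2"]),
    2: ("10.0.0.101", ["10.0.0.10", "10.0.0.1"]),
    3: ("10.0.0.101", ["10.0.0.10", "10.0.0.3"]),
    4: ("10.0.0.102", ["10.0.0.10", "10.0.0.3"]),
}

if __name__ == "__main__":
    for n, (client, chain) in EXAMPLES.items():
        print(n, is_permitted(client, chain), matching_rules(client, chain))
```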