Magnolia 5.7 reached extended end of life on May 31, 2022. Support for this branch is limited, see End-of-life policy. Please note that to cover the extra maintenance effort, this EEoL period is a paid extension in the life of the branch. Customers who opt for the extended maintenance will need a new license key to run future versions of Magnolia 5.7. If you have any questions or to subscribe to the extended maintenance, please get in touch with your local contact at Magnolia.

In IP and HTTP method configuration you can configure which IP addresses are allowed to access an author or public instance. If an IP that is not configured attempts to access the instance, it will be denied access.

The filtering also verifies the HTTP methods that the IP can use when accessing the instance. If an allowed IP attempts to access the instance using a HTTP method that is not configured, it will be denied access.

IP and HTTP method configuration is in Configuration > /server/IPConfig.

Node name

Value

 server

 

 IPConfig

 

 allow-all

 

 IP

*

 methods

GET,POST,PUT,DELETE

 class

info.magnolia.cms.security.IPSecurityManagerImpl

In the example above, allow-all is a rule. You can add any number of rules under /server/IPConfig. Each rule must have IP and methods properties. The IP property's value must be a single IP address but * is also allowed as a wildcard. You can set the methods property to multiple HTTP methods separated by commas. Any valid HTTP method can be included in the list.

To create a rule:

  1. Add a content node in Configuration > /server/IPConfig.
  2. Add IP and methods properties.
  3. Set the value of the IP property to * (for all IPs) or a specific IP. The value needs to be the remote IP address contained within a HTTP servlet request.
  4. Set the value of the methods property to HTTP methods (single or separated by commas).

The default setting allows all IPs to access the instance using GET, POST, PUT and DELETE methods. You can also allow HEAD methods. HEAD, PUT and DELETE methods are typically used by services such as the WebDAV or REST modules. This makes is possible to use other tools to edit content on the author instance or to integrate other applications on the public instance.

  • No labels