Security |
On the tab, you can configure restrictions for network addresses from which Agents, network installers and other (“neighboring”) Dr.Web Servers will be able to access the Server. To manage Server audit log, use the following flags: • allows to log operations of administrator with Dr.Web Security Control Center and writing the log into the DB. • allows to log Dr.Web Server internal operations and writing the log into the DB. • allows to log operations via XML API.
The tab contains additional tabs on which you can set the restrictions for the correspondent types of connections: •—the list of limitations on IP addresses from which Dr.Web Agents can connect to this Server. •—the list of limitations on IP addresses from which Dr.Web Agents installers can connect to this Server. •—the list of limitations on IP addresses from which neighbor Dr.Web Servers can connect to this Server. •—the list of limitations on IP addresses from which broadcast queries can be received by the Server Detection Service. To set access restrictions for any type of connection 1.Go to the correspondent tab (, , or ). 2.To allow all connections, clear the flag. 3.To specify lists of allowed or denied addresses, set the flag. 4.To allow the access from a specific TCP address, include it into the or list. 5.To deny specific TCP address, include it into the or list. To edit the address list 1.Specify the address in the corresponding field and click . 2.To add a new field, click the button in the corresponding section. 3.To delete a field, click . The network address is specified as: <IP-address>/[<prefix>].
Examples of prefix usage: 1.Prefix 24 stands for a network with a network mask: 255.255.255.0 Containing 254 addresses. Host addresses look like: 195.136.12.* 2.Prefix 8 stands for a network with a network mask: 255.0.0.0 Containing up to 16387064 addresses (256*256*256). Host addresses look like: 125.*.*.* The addresses not included into any of the lists are allowed or denied depending on whether the flag is set. If the flag is set, the list has a higher priority than the list. Addresses not included in any of the lists or included into both of them are denied. Allowed only addresses that are included in the list and not included in the list. |