Restricting access to FocalScope from certain IP addresses 2
Monday, December 5, 2016 3:56 AM


You can control access to your internet facing FocalScope instance by explicitly allowing / denying certain IP addresses to access the FocalScope login page. However, blocking an IP address or IP address range will not affect internet users' ability to access FocalScope's public APIs and modules, such as Live Chat and the Document Center.

Tutorial

  1. In the [Main menu], select [Screen > Administration]
  2. Select the [Administration] tab
  3. Select the [User Access Control > IP security for logon] folder
  4. Ensure the [Allow access to unlisted IP addresses] option is ticked. If this option is unticked--due to the IIS IPSec standards, no IP addresses will be granted access to FocalScope web login screen
  5. Enter the IP addresses that you specifically want to allow or deny access to FocalScope in the respective allow / deny lists
  6. Click [Save] to activate the new login restrictions

Please note:

  • Only access to the login page is restricted
  • Public APIs and modules, such as Live chat & Document center, remain available to the Internet users
  • Each IP address must be specified on a separate line
  • To specify range of IP addresses, please use Address/Mask format, for example 169.253.0.0/255.255.0.0
  • Be careful not to disable access to all IP addresses as it will not be possible to correct this mistake from the web UI (access would be blocked to any IP address)
  • To limit access to the entire FocalScope instance, please use the proper  firewall / proxy-based approach


Figure 1 - Configuring IP access lists