Restrict hosts/Clients IPs to run a oo flow
I have a customer need to improve the secruity for OO to run the flows.
They want to restrict the hosts/client IPs that can run some particular OO flows.
I think the solution might be they can do it in the OO flows they want to restrict:
1. dectect the client IPs that invoked the flow;
2. if the client IP is not in the white list, then fail directly.
3. If the client IP is in the white list, then do the flow.
But I searched for some time and did not find how in the OO flow to find the client IP addresses. I know technically the OO central knows where the requests comes from. But I do not know how to get from which IP address the OO flow is invoked in OO flow. Any ideas?
Or maybe I can set url rules in OO Tomcat server.xml to only allow only whitelist IPs to access the specific URLs that invokes those OO flows. --Would that possiblely be an alternative?
Thanks in advance,
Re: Restrict hosts/Clients IPs to run a oo flow
I'm not positive (but pretty close to positive) that OO can't do IP white/black lists in the manner you'er looking for.
I'd go down the Tomcat Remote Address Filter path.