Valued Contributor.. Valued Contributor..
Valued Contributor..

Restrict hosts/Clients IPs to run a oo flow

Hi,  experts

I have a customer need to improve the secruity for OO to run the flows.

They want to restrict the hosts/client IPs that can run some particular OO flows.

I think the solution might be they can do it in the OO flows they want to restrict:

1. dectect the client IPs that invoked the flow;

2. if the client IP is not in the white list, then fail directly.

3. If the client IP is in the white list, then do the flow.

But I searched for some time and did not find how in the OO flow to find the client IP addresses. I know technically the OO central knows where the requests comes from. But I do not know how to get from which IP address the OO flow is invoked in OO flow. Any ideas?

Or maybe I can set url rules in OO Tomcat server.xml to only allow only whitelist IPs to access the specific URLs that invokes those OO flows. --Would that possiblely be an alternative?

Thanks in advance,

1 Reply
Honored Contributor.. Honored Contributor..
Honored Contributor..

I'm not positive (but pretty close to positive) that OO can't do IP white/black lists in the manner you'er looking for.

I'd go down the Tomcat Remote Address Filter path.

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.