ACCESS Section

The ACCESS section configures client access control based on IP address or network/netmask, request header information, and the order in which these settings are applied.

This section can be applied to the SERVICE and SERVER sections. Requests for the resources defined in each of these sections are accepted or denied accordingly.

Configuration Items

The following is the configuration format of the ACCESS section.

#"access": {
    "access_list": [
        {
            "name": string,
            "policy": string,
            #"allow_network": [string],
            #"deny_network": [string],
            #"allow_header": [string],
            #"deny_header": [string],
            #"method_whitelist": [string],
            #"method_blacklist": [string]
        }
    ]
}

Refer to Types of Setting Values and Configuration Methods for more information on symbols and details of the ACCESS section configuration items.

access_list

A list of access control configuration objects for the ACCESS section.

Item         Description
Data Type    Array (object)

access_list/name (Required)

Sets the ACCESS section name.

Item         Description
Data Type    String
Range        Up to 255 characters

access_list/policy (Required)

Sets the order of application for method, allow_network, allow_header, deny_network, and deny_header.

Item         Description
Data Type    String
Values       "blacklist" | "whitelist" | "method_only"

access_list/allow_network

Sets the IP addresses or networks/netmasks that are allowed for requests. The special value 'Allow = "all"' means all IP addresses.

Item         Description
Data Type    Array (string)
Range        Up to 256 items (within 255 characters)

access_list/deny_network

Sets the IP addresses or networks/netmasks that are denied for requests.

Item         Description
Data Type    Array (string)
Range        Up to 256 items (within 255 characters)

access_list/allow_header

Sets the headers that are allowed in the request. An entry applies when the value of <header field name> in the request matches the pattern <regular expression>.

Item         Description
Data Type    Array (string)
Range        Up to 256 items (within 255 characters)
Format       <header field name> <regular expression>

access_list/deny_header

Sets the headers that are denied in the request. An entry applies when the value of <header field name> in the request matches the pattern <regular expression>.

Item         Description
Data Type    Array (string)
Range        Up to 256 items (within 255 characters)
Format       <header field name> <regular expression>

access_list/method_whitelist

Sets the HTTP methods to use. This item cannot be set together with method_blacklist.

Item         Description
Data Type    Array (string)
Values       "GET", "POST", "PUT", "HEAD", "DELETE", "CONNECT", "OPTIONS", "TRACE", "PATCH", "PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"

access_list/method_blacklist

Sets the HTTP methods to be excluded. This item cannot be set together with method_whitelist.

Item         Description
Data Type    Array (string)
Values       "GET", "POST", "PUT", "HEAD", "DELETE", "CONNECT", "OPTIONS", "TRACE", "PATCH", "PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"

Example

The following is an example configuration of the ACCESS section.

{
    "access": {
        "access_list": [
            {
                "name": "access1",
                "policy": "blacklist",
                "deny_network": [ "192.168.1.43/255.255.255.0" ]
            }
        ]
    }
}
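
A pre-deployment check for the constraints listed in this section, given as an added example that is not part of the product or its documentation. The Python function names are hypothetical, and accepting the literal "all" in allow_network is an assumption based on the allow_network description.

```python
import ipaddress

# Allowed values and limits as stated in the ACCESS section reference above.
POLICIES = ("blacklist", "whitelist", "method_only")
METHODS = ("GET", "POST", "PUT", "HEAD", "DELETE", "CONNECT", "OPTIONS", "TRACE",
           "PATCH", "PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK")
LIST_KEYS = ("allow_network", "deny_network", "allow_header", "deny_header")


def lint_access_entry(entry):
    """Return the problems found in one access_list object (hypothetical helper)."""
    problems = []
    name = entry.get("name")
    if not isinstance(name, str) or not 0 < len(name) <= 255:
        problems.append("name: required string of up to 255 characters")
    if entry.get("policy") not in POLICIES:
        problems.append("policy: must be blacklist, whitelist or method_only")
    if "method_whitelist" in entry and "method_blacklist" in entry:
        problems.append("method_whitelist and method_blacklist cannot both be set")
    for key in ("method_whitelist", "method_blacklist"):
        for method in entry.get(key, []):
            if method not in METHODS:
                problems.append(f"{key}: unknown method {method!r}")
    for key in LIST_KEYS:
        items = entry.get(key, [])
        if len(items) > 256:
            problems.append(f"{key}: more than 256 items")
        for item in items:
            if not isinstance(item, str) or len(item) > 255:
                problems.append(f"{key}: item is not a string of up to 255 characters")
            elif key.endswith("_header"):
                # Format is "<header field name> <regular expression>"; the regex
                # dialect is not stated on the page, so only the shape is checked.
                if len(item.split(None, 1)) != 2:
                    problems.append(f"{key}: {item!r} lacks a name or a pattern")
            elif not (key == "allow_network" and item == "all"):  # assumed spelling
                try:
                    ipaddress.ip_interface(item)  # accepts IP and IP/netmask
                except ValueError:
                    problems.append(f"{key}: {item!r} is not an IP or network/netmask")
    return problems


def lint_access_config(config):
    """Lint every object under access.access_list; returns {index: [problems]}."""
    entries = config.get("access", {}).get("access_list", [])
    report = {i: lint_access_entry(e) for i, e in enumerate(entries)}
    return {i: p for i, p in report.items() if p}
```

Run it over the parsed JSON configuration before reloading the server; an empty result means every entry satisfies the documented limits.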