Support > Repository > Account > Logon restriction by IP address
ja | en

Logon can be restricted by IP address of user terminal.

Open the account update screen. In the "Logon Rule" column at the bottom of the screenIP address to allow connection.

Figure 1 Specify the IP address to allow connection

The description rules are as follows.

  • If this setting field is blank, logon restriction by IP address is not performed.
  • Multiple IP addresses can be enumerated by comma in one setting field.
  • The IP address notation corresponds to (regular expression expression of Java).

Handling of commas7.9

  • Commas in curly braces {} and square brackets [] and commas after backslash \ are not treated as delimiters.
  • When an IPv4/IPv6 IP address is specified, it is not treated as a regular expression.

With this rule, for example the following format is possible.

(0:){1,10}1,::1,127.0.0.1

:: 1 is IPv6 IP address (you can omit 0: 0: ... by writing ::), 127.0.0.1 is the IPv4 IP address.

Log output at check7.9

By setting the following in log4j.properties, the log at the time of checking is output.

log4j.logger.jp.jasminesoft.jfc.service.LogonService=DEBUG

(0:) {1, 10} 1, :: 1, 127.0.0.1 is specified.

2016-xx-xx 0:00:00 [DEBUG jp.jasminesoft.jfc.service.LogonService checkRemoteAddress] not match ipaddress 127.0.0.1. rule regex:(0:){1,10}1
2016-xx-xx 0:00:00 [DEBUG jp.jasminesoft.jfc.service.LogonService checkRemoteAddress] not match inetaddress /127.0.0.1. rule inetaddress:/0:0:0:0:0:0:0:1
2016-xx-xx 00:00:00 [DEBUG jp.jasminesoft.jfc.service.LogonService checkRemoteAddress] match inetaddress /127.0.0.1. rule inetaddress:/127.0.0.1

If logon fails

If logon fails, a message similar to that shown in Figure 2 appears on the logon screen.

Figure 2 Logon failure due to rule violation

Also, the IP address of the user terminal is recorded in the log.

JFC - 00035: Account XXX attempted to log on from terminal with IP address xxx, but did not match logon rules.

When this setting is made, please test that it is not accessed from other than the specified IP address. In particular, when describing an IP address using a regular expression, be sure to check whether it will be accessed from an unexpected machine due to a mistake in the expression of a regular expression.