Restricting access to a tenant using an IP whitelist

This help section is only available to users with ABBYY FlexiCapture administrator permissions.

To improve the security of your tenant, you can use a whitelist of IP addresses.

The IP Whitelist feature in the ABBYY FlexiCapture 12 Authentication Module can be set up to restrict access to a tenant from IP addresses that do not appear on a predefined whitelist. This feature is not enabled by default (see Enabling the IP Whitelist feature below).

Using the IP Whitelist feature

  • A list of default tenant IP addresses cannot be used as a whitelist.
  • ABBYY FlexiCapture Authentication Module is required.
  • By default, only the IPv4 protocol in the following formats is supported:
    • A specific IP address:

192.168.0.48

  • A range of IP addresses:

192.168.0.48/24 (CIDR)

  • Access from a local computer running the Processing Server:

::1

Enabling the IP Whitelist feature

The IP Whitelist can be enabled either in the dbo.Tenant table or in the Administration and Monitoring Console:

In the dbo.Tenant table:

To enable the IP Whitelist feature, set the fourth bit to the appropriate tenant in the Flags field in the dbo.Tenant table.

The instructions below use Microsoft SQL Server as an example

In the Administration and Monitoring Console:

  1. Launch the Administration and Monitoring Console under the required tenant.
  2. Go to Settings -> IP Whitelist.
  3. Select Enable IP whitelisting.
  4. In the Allowed IP address blocks field, specify the allowed IP addresses or range of addresses in CIDR format.
    Note: When you specify IP addresses in CIDR format, the program will automatically calculate the range of IP addresses.
  5. Click Save.

Important!

  • You can use the Administration and Monitoring Console to specify white-listed IP address only within tenants. You will not be able to white-list IP addresses in the main environment. .
  • You must have the role of ABBYY FlexiCapture administrator or tenant administrator to be able to white-list IP addresses.

IPv6 protocol

If the computer running the Processing Server has both the IPv4 and IPv6 protocols enabled, you need to additionally specify the address of the machine that has IPv6 enabled. Alternatively, you can disable the IPv6 protocol.

For proxy connections, specify the IPv6 address of the proxy server in IP whitelist.

Sample whitelist for IPv6:

Getting an IP whitelist using the ABBYY FlexiCapture API

You can use the GetWhiteIPList method to get the IP whitelist as follows:

GetWhiteIPList("ID_Tenant" or "-1")

In the brackets, specify either the ID of a particular tenant or the value "-1", which will display whitelisted addresses for all tenants.

Sample PowerShell Script API call:

$url = "http://localhost
$authUri = $url + '/FlexiCapture12/Server/AuthAPI/v1/WSDL'
$authSvc = New-WebServiceProxy -Uri $authUri -UseDefaultCredential
$test = $authSvc.GetWhiteIPList(-1)
$test

The sample script above displays whitelisted IP addresses when executed.

4/12/2024 6:16:02 PM

Please leave your feedback about this article

Usage of Cookies. In order to optimize the website functionality and improve your online experience ABBYY uses cookies. You agree to the usage of cookies when you continue using this site. Further details can be found in our Privacy Notice.