Restricting access to a tenant using an IP whitelist
This help section is only available to users with ABBYY FlexiCapture administrator permissions.
To improve the security of your tenant, you can use a whitelist of IP addresses.
The IP Whitelist feature in the ABBYY FlexiCapture 12 Authentication Module can be set up to restrict access to a tenant from IP addresses that do not appear on a predefined whitelist. This feature is not enabled by default (see Enabling the IP Whitelist feature below).
Using the IP Whitelist feature
- A list of default tenant IP addresses cannot be used as a whitelist.
- ABBYY FlexiCapture Authentication Module is required.
- By default, only the IPv4 protocol in the following formats is supported:
- A specific IP address:
192.168.0.48
- A range of IP addresses:
192.168.0.48/24 (CIDR)
- Access from a local computer running the Processing Server:
::1
- If the computer running the Processing Server has both the IPv4 and IPv6 protocols enabled at the same time, you will additionally need to specify the address of the IPv6 node in the whitelist.
Enabling the IP Whitelist feature
The IP Whitelist can be enabled either in the dbo.Tenant table or in the Administration and Monitoring Console:
In the dbo.Tenant table:
To enable the IP Whitelist feature, set the fourth bit to the appropriate tenant in the Flags field in the dbo.Tenant table.
The instructions below use Microsoft SQL Server as an example
In the Administration and Monitoring Console:
- Launch the Administration and Monitoring Console under the required tenant.
- Go to Settings -> IP Whitelist.
- Select Enable IP whitelisting.
- In the Allowed IP address blocks field, specify the allowed IP addresses or range of addresses in CIDR format.
Note: When you specify IP addresses in CIDR format, the program will automatically calculate the range of IP addresses. - Click Save.
Important!
- You can use the Administration and Monitoring Console to specify white-listed IP address only within tenants. You will not be able to white-list IP addresses in the main environment. .
- You must have the role of ABBYY FlexiCapture administrator or tenant administrator to be able to white-list IP addresses.
IPv6 protocol
If the computer running the Processing Server has both the IPv4 and IPv6 protocols enabled, you need to additionally specify the address of the machine that has IPv6 enabled. Alternatively, you can disable the IPv6 protocol.
For proxy connections, specify the IPv6 address of the proxy server in IP whitelist.
Sample whitelist for IPv6:
Getting an IP whitelist using the ABBYY FlexiCapture API
You can use the GetWhiteIPList method to get the IP whitelist as follows:
GetWhiteIPList("ID_Tenant" or "-1")
In the brackets, specify either the ID of a particular tenant or the value "-1", which will display whitelisted addresses for all tenants.
Sample PowerShell Script API call:
$url = "http://localhost
$authUri = $url + '/FlexiCapture12/Server/AuthAPI/v1/WSDL'
$authSvc = New-WebServiceProxy -Uri $authUri -UseDefaultCredential
$test = $authSvc.GetWhiteIPList(-1)
$test
The sample script above displays whitelisted IP addresses when executed.
4/12/2024 6:16:02 PM