SSL Reference Manual

# allow any message starting with "<B"
regexp "^<B."
DENYIP
Use this parameter to specify which remote IP addresses are to be forbidden to establish sessions ("black list").
Parameter Syntax
DENYIP [direction]range
Arguments
direction
Optional character specifying the realm on which the rules are applied
o A = Apply rules on incoming connections only
o C = Apply rules on outgoing connections only
o B = Apply rules on all connections (*default*)
range
One or more Classless Interdomain Routing (CIDR) format entries specifying an IP subnet or a single host IP
address. Entries have to be separated by commas. The network suffix can be left out for host entries (/32 or /128
will be assumed then). IPv6/DUAL entries have to be specified in square brackets. Entry types and the
corresponding CIDR format:
o IPv4 address: 10.1.2.196 ( /32 is assumed)
o IPv4 subnet : 10.2.0.0/16
o IPv6 address: [abcd:1111::ab00] ( /128 is assumed)
o IPv6 subnet : [abcd::ef00/120]
o DUAL address: [::ffff:172.0.0.28] ( /128 is assumed)
o DUAL subnet : [::ffff:172.1.1.0/104]
Considerations
See section "Limiting Remote IP Addresses" (in chapter "Introduction") for the concept of remote IP filtering.
The parameter can be changed at run time using SSLCOM; see chapter "SSLCOM Command Interface" for details.
Backwards compatibility with the former syntax is preserved; however, in the mid-term ALLOWIP and DENYIP
should be changed to use CIDR format.
Default
If omitted, HP NonStop SSL will use an empty entry (or *DEFAULT*), so that no remote IP addresses are forbidden.
Example
DENYIP 10.0.1.0/24, 10.0.2.0/24, 172.22.22.42
DENYIP A[abcd::ef00/120] , [abcd:1111::ab00] , [::ffff:172.1.1.0/104]
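The following Python sketch is an added example, not code from HP NonStop SSL or from this manual. It parses a DENYIP argument as described above, so a rule can be reviewed for its direction and for the address range each entry really covers. The names parse_denyip and is_denied are hypothetical, and two assumptions are made: entries follow plain CIDR masking, and an entry only matches peers of its own address family.

```python
import ipaddress

DIRECTIONS = {"A": "incoming only", "C": "outgoing only", "B": "all connections"}

def parse_denyip(value):
    """Split a DENYIP argument '[direction]range' into (direction, networks)."""
    value = value.strip()
    direction = "B"                      # manual: B is the default
    # IPv4 entries start with a digit and IPv6/DUAL entries with '[',
    # so a leading A/C/B can only be the direction character.
    if value[:1] in DIRECTIONS:
        direction, value = value[0], value[1:].strip()
    if value in ("", "*DEFAULT*"):       # manual: nothing is forbidden
        return direction, []
    networks = []
    for raw in value.split(","):
        entry = raw.strip()
        bracketed = entry.startswith("[") and entry.endswith("]")
        # strict=False: host bits are masked off, not rejected (assumption:
        # plain CIDR semantics; the manual does not say how they are treated).
        net = ipaddress.ip_network(entry[1:-1] if bracketed else entry, strict=False)
        if net.version == 6 and not bracketed:
            raise ValueError(f"IPv6/DUAL entry must be in square brackets: {entry!r}")
        networks.append(net)             # missing suffix -> /32 or /128
    return direction, networks

def is_denied(peer, incoming, rule):
    """True if a session with `peer` matches the parsed rule for that direction."""
    direction, networks = rule
    if (direction == "A" and not incoming) or (direction == "C" and incoming):
        return False
    addr = ipaddress.ip_address(peer)
    # Assumption: an entry only matches peers of its own address family.
    return any(addr.version == n.version and addr in n for n in networks)

if __name__ == "__main__":
    # The two example lines from the manual; the peer address is constructed.
    for arg in ("10.0.1.0/24, 10.0.2.0/24, 172.22.22.42",
                "A[abcd::ef00/120] , [abcd:1111::ab00] , [::ffff:172.1.1.0/104]"):
        direction, nets = rule = parse_denyip(arg)
        print(DIRECTIONS[direction])
        for n in nets:
            print(f"  /{n.prefixlen:<3} covers {n.num_addresses} address(es)")
        print("  ::ffff:172.200.0.1 incoming denied:",
              is_denied("::ffff:172.200.0.1", True, rule))
```

Under plain CIDR masking the DUAL subnet entry [::ffff:172.1.1.0/104] leaves 24 host bits, so it covers 16777216 addresses and not just the 172.1.1.x range its text suggests. Reviewing the computed size of each entry before loading a rule shows when a deny entry is broader than intended.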