2.1 Restricting Administration Console Access to the Private Network Only

Sometimes you need to install Administration Console on a machine that has multiple IP addresses, for example when you install Administration Console and Identity Server on the same machine. Identity Server, and the services that Access Manager provides, must be reachable from the Internet, and that exposure can become a security issue for Administration Console running on the same machine.

Perform the following steps to secure Administration Console in this scenario:

  1. Open the server.xml file.

    Linux: /opt/novell/nam/adminconsole/conf/

    Windows: \Program Files (x86)\Novell\Tomcat\conf

  2. Add the following lines before the closing </Host> tag:

    <Context path="/nps">
        <Valve className="org.apache.catalina.valves.RemoteAddrValve"
               allow="xxx.yyy.zzz.www"/>
    </Context>

  3. The syntax for the allow directive, which can also be changed to a deny directive, is a comma-separated list of IP address regular expressions (Perl regex format). A simple example is as follows:

    allow="192.168.10[1-3].[0-9]*"

    This allows access to Administration Console from the following IP address ranges:

    192.168.101.0/24, 192.168.102.0/24, 192.168.103.0/24

    If you write the directive as follows instead:

    deny="192.168.10[1-3].[0-9]*"

    then access to Administration Console is blocked from the following IP address ranges:

    192.168.101.0/24, 192.168.102.0/24, 192.168.103.0/24
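The following is an added example, not part of the Access Manager documentation or of Tomcat. It emulates in Python how RemoteAddrValve evaluates the allow and deny attributes (full-match of each regular expression against the client address, deny checked before allow) so that a pattern can be checked against the address ranges it is meant to cover before it is put into server.xml. The ESCAPED_PATTERN constant is an assumption added here: an unescaped "." in a regular expression matches any character, so escaping the dots expresses the page's pattern more strictly.

```python
import ipaddress
import re
from typing import Iterable, List, Optional

# Pattern exactly as given in the documentation example above.
PAGE_PATTERN = "192.168.10[1-3].[0-9]*"
# Same intent with the dots escaped (assumption, not from the page): a bare "."
# in a regex matches any single character, "\." matches only a literal dot.
ESCAPED_PATTERN = r"192\.168\.10[1-3]\.[0-9]*"


def _compile(attr: Optional[str]) -> List[re.Pattern]:
    """Split a comma-separated allow/deny attribute into compiled regexes."""
    return [re.compile(p.strip()) for p in (attr or "").split(",") if p.strip()]


def valve_allows(remote_addr: str, allow: Optional[str] = None,
                 deny: Optional[str] = None) -> bool:
    """Emulate the valve's decision order (an emulation, not Tomcat's code):
    a deny match rejects; an allow match accepts; if only a deny list is
    configured, non-matching addresses are accepted; otherwise rejected.
    The valve matches the whole address, hence fullmatch()."""
    if any(rx.fullmatch(remote_addr) for rx in _compile(deny)):
        return False
    allow_list = _compile(allow)
    if any(rx.fullmatch(remote_addr) for rx in allow_list):
        return True
    return bool(deny) and not allow_list


def covers_exactly(pattern: str, cidrs: Iterable[str],
                   outside_samples: Iterable[str]) -> bool:
    """True if every address in the given networks is allowed by the pattern
    and none of the sample addresses outside those networks is."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    inside = all(valve_allows(str(a), allow=pattern) for n in nets for a in n)
    outside = not any(valve_allows(a, allow=pattern) for a in outside_samples)
    return inside and outside


if __name__ == "__main__":
    # Constructed check: the page's pattern should equal the three /24 ranges
    # it lists, and reject the neighbouring /24s and unrelated addresses.
    ranges = ["192.168.101.0/24", "192.168.102.0/24", "192.168.103.0/24"]
    others = ["192.168.100.1", "192.168.104.1", "192.168.10.1", "10.168.101.1"]
    for name, pat in (("page", PAGE_PATTERN), ("escaped", ESCAPED_PATTERN)):
        print(name, "covers exactly the three /24s:",
              covers_exactly(pat, ranges, others))
    print("deny only, unrelated address allowed:",
          valve_allows("10.0.0.7", deny=PAGE_PATTERN))
```

If Administration Console sits behind a reverse proxy or load balancer, the valve sees the proxy's address rather than the client's, so this restriction is only meaningful when the console is reached directly or the real client address is restored before the valve runs.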