
Administration Console Online Help


 


Domain-->Security-->Filter


Overview

Connection filters add an additional layer of security by filtering unwanted network connections. For example, you can deny any non-SSL connections originating outside of your corporate network. Use this tab to configure a connection filter for the WebLogic domain.

Tasks

Configuring Connection Filtering

Related Topics

Introduction to WebLogic Security

Managing WebLogic Security

Programming WebLogic Security

Developing Security Providers for WebLogic Server

Securing a WebLogic Server Deployment

Upgrading Security in WebLogic Server Version 6.x to WebLogic Server Version 7.0

Security FAQ

Attributes

Table 1-14

Attribute Label

Description

Value Constraints

Connection Logger Enabled

Enables the logging of accepted connections. This attribute can be used by a system administrator to dynamically check the incoming connections in the log file to determine if filtering needs to be performed.

MBean: weblogic.management.configuration.SecurityMBean

Attribute: ConnectionLoggerEnabled

Default: false

Valid values:

  • true

  • false

Dynamic: yes

Connection Filter

The name of the Java class that implements a connection filter. The connection filter must be an implementation of the weblogic.security.net.ConnectionFilter interface. WebLogic Server provides a default implementation.

MBean: weblogic.management.configuration.SecurityMBean

Attribute: ConnectionFilter

Default: null

Connection Filter Rules

The list of rules for the system connection filter. If none are specified, all connections are accepted.

The syntax of the rules is as follows:

  • Each rule must be written on a single line in the source code.

  • Tokens in a rule are separated by white space.

  • A pound sign (#) is the comment character. Everything after a pound sign on a line is ignored.

  • Whitespace before or after a rule is ignored.

  • Lines consisting only of whitespace or comments are skipped.

All rules have the following format:

target localAddress localPort action protocols

where

target specifies one or more servers to filter.

localAddress defines the host address of the server. (If you specify an asterisk (*), the match returns all local IP addresses.)

localPort defines the port on which the server is listening. (If you specify an asterisk (*), the match returns all available ports on the server.)

action specifies the action to perform. (The value must be allow or deny.)

protocols is the list of protocol names to match. (One of the following protocols must be specified: http, https, t3, t3s, giop, giops, dcom, or ftp.) If no protocol is defined, all protocols will match a rule.


Default: null

Dynamic: yes


Two kinds of rules are recognized:

  • A fast rule applies to a host name or IP address with an optional netmask. If a host name corresponds to multiple IP addresses, multiple rules are generated.

  • A slow rule applies to part of a domain name. Because a slow rule requires a connect-time DNS lookup to perform a match, slow rules impact performance.

MBean: weblogic.management.configuration.SecurityMBean

Attribute: ConnectionFilterRules
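
The rule syntax described above, as an added Python example (not part of the original help page and not WebLogic's own code): it parses a rule list and evaluates it for connections whose remote address is an IP literal, using the overview's "deny non-SSL connections from outside the corporate network" policy. Assumptions not stated on this page: a netmask is written as target/mask, rules are checked in order with the first match deciding, and a connection matching no rule is accepted; the sample rules and addresses are constructed.

```python
import ipaddress

PROTOCOLS = {"http", "https", "t3", "t3s", "giop", "giops", "dcom", "ftp"}

# Constructed sample rules (not from the original page).
SAMPLE_RULES = """
# corporate network: any protocol
10.0.0.0/255.0.0.0  *  *  allow
0.0.0.0/0           *  *  allow  https t3s   # outside: SSL protocols only
0.0.0.0/0           *  *  deny               # everything else
"""

def parse_rules(text):
    """Parse 'target localAddress localPort action protocols' lines."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        tokens = line.split("#", 1)[0].split()  # drop comment, split on whitespace
        if not tokens:
            continue  # blank or comment-only line
        if len(tokens) < 4:
            raise ValueError(f"line {lineno}: too few tokens")
        target, local_addr, local_port, action, *protocols = tokens
        if action not in ("allow", "deny"):
            raise ValueError(f"line {lineno}: action must be allow or deny")
        unknown = set(protocols) - PROTOCOLS
        if unknown:
            raise ValueError(f"line {lineno}: unknown protocol(s) {sorted(unknown)}")
        try:
            network = ipaddress.ip_network(target, strict=False)
        except ValueError:
            network = None  # host or domain name: needs DNS, not evaluated here
        rules.append((network, local_addr, local_port, action, set(protocols)))
    return rules

def decide(rules, remote_ip, local_ip, local_port, protocol):
    """Return 'allow' or 'deny' for one connection (assumed: first match wins)."""
    remote = ipaddress.ip_address(remote_ip)
    for network, addr, port, action, protocols in rules:
        if network is None or remote not in network:
            continue
        if addr != "*" and addr != local_ip:
            continue
        if port != "*" and int(port) != local_port:
            continue
        if protocols and protocol not in protocols:
            continue  # an empty protocol list matches every protocol
        return action
    return "allow"  # no rule matched (assumed default)
```

Rules whose target is a host name or partial domain name are parsed but skipped by decide(), since matching them requires the DNS lookups the page describes.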



 
