Domain: Security: Filter
This page allows you to define connection filter settings for this WebLogic Server domain.
Connection filters add an additional layer of security by filtering unwanted network connections. For example, you can deny any non-SSL connections originating outside of your corporate network.
Name Description
Connection Logger Enabled
Specifies whether this WebLogic Server domain should log accepted connections.
Connection Filter
The name of the Java class that implements a connection filter (that is, the weblogic.security.net.ConnectionFilter interface). If no class name is specified, no connection filter will be used.
Connection Filter Rules
The rules used by any connection filter that implements the ConnectionFilterRulesListener interface. When using the default implementation and when no rules are specified, all connections are accepted. The default implementation rules are in the format:
target localAddress localPort action protocols
The syntax of the rules is as follows:
- Each rule must be written on a single line in the source code.
- Tokens in a rule are separated by white space.
- A pound sign (#) is the comment character. Everything after a pound sign on a line is ignored.
- Whitespace before or after a rule is ignored.
- Lines consisting only of whitespace or comments are skipped.
All rules have the following format:
target localAddress localPort action protocols
- target specifies one or more servers to filter.
- localAddress defines the host address of the server. (If you specify an asterisk (*), the match returns all local IP addresses.)
- localPort defines the port on which the server is listening. (If you specify an asterisk, the match returns all available ports on the server.)
- action specifies the action to perform. The value must be allow or deny.
- protocols is the list of protocol names to match. (One of the following protocols must be specified: http, https, t3, t3s, giop, giops, dcom, or ftp.) If no protocol is defined, all protocols will match a rule.
Two kinds of rules are recognized:
- A fast rule applies to a hostname or IP address with optional netmask. If a host name corresponds to multiple IP addresses, multiple rules are generated.
- A slow rule applies to part of a domain name. Since a rule requires a connect-time DNS lookup to perform a match, slow rules impact performance.
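A check that can be run over a rule list before it is entered here, written as an added example (it is not Oracle's code and not part of the original page). It assumes that a target beginning with `*` is a partial domain name (a slow rule) and that netmasks are written as `address/mask`; the function names and the sample rules are constructed for illustration.

```python
import ipaddress

PROTOCOLS = {"http", "https", "t3", "t3s", "giop", "giops", "dcom", "ftp"}

def classify(target):
    if target.startswith("*"):  # assumption: '*' prefix marks a partial domain name
        return "slow"
    if "/" in target:  # assumed netmask form: must parse as a valid network
        ipaddress.ip_network(target, strict=False)
    return "fast"

def parse_rule(line):
    """Parse one line; return None for blank or comment-only lines."""
    text = line.split("#", 1)[0].strip()  # '#' starts a comment
    if not text:
        return None
    tokens = text.split()
    if len(tokens) < 4:
        raise ValueError("need target localAddress localPort action")
    target, local_address, local_port, action, *protocols = tokens
    if action not in ("allow", "deny"):
        raise ValueError(f"action must be allow or deny, got {action!r}")
    if local_port != "*" and not (local_port.isdigit() and 1 <= int(local_port) <= 65535):
        raise ValueError(f"bad localPort {local_port!r}")
    if not set(protocols) <= PROTOCOLS:
        raise ValueError(f"unknown protocol in {protocols}")
    return {"target": target, "localAddress": local_address, "localPort": local_port,
            "action": action, "protocols": protocols, "kind": classify(target)}

def lint(rules_text):
    """Return (rules, problems); problems are (line_number, message) pairs."""
    rules, problems = [], []
    for number, line in enumerate(rules_text.splitlines(), start=1):
        try:
            rule = parse_rule(line)
        except ValueError as exc:
            problems.append((number, str(exc)))
            continue
        if rule:
            rules.append(rule)
            if rule["kind"] == "slow":
                problems.append((number, "slow rule: DNS lookup at connect time"))
    return rules, problems

# Constructed sample rules (documentation address ranges, made-up domain).
SAMPLE = """192.0.2.0/255.255.255.0 * 7001 allow t3 t3s  # internal admin range
*.example.org * * deny
198.51.100.7 * 7002 permit https
203.0.113.0/33 * * deny
0.0.0.0/0 * * deny"""
```

Calling `lint(SAMPLE)` returns the three well-formed rules and flags line 2 as a slow rule, line 3 for an invalid action and line 4 for an invalid netmask.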