Skip navigation.

eDocs Home > BEA WebLogic Server 8.1 Documentation > Administration Console Online Help > Domain-->Security-->Filter

Administration Console Online Help

  Previous Next vertical dots separating previous/next from contents/index/pdf Contents Index

 

Domain-->Security-->Filter

Tasks     Related Topics     Attributes

Overview

Connection filters add an aditional layer of security by filtering unwanted network connections. For example, you can deny any non-SSL connections originating outside of your corporate network. Use this page to configure a connection filter for the WebLogic domain.

Tasks

Configuring Connection Filtering

Related Topics

Introduction to WebLogic Security

Managing WebLogic Security

Securing WebLogic Resources

Programmimg WebLogic Security

Developing Security Providers for WebLogic Server

Securing a Production Environment

The Security topics in the WebLogic Server 8.1 Upgrade Guide

Security FAQ

The Security page in the WebLogic Server documentation

Attributes

Table 192-1

Attribute Label

Description

Value Constraints

Connection Logger Enabled

Specifies whether this WebLogic domain should log accepted connections.

MBean: weblogic.management.
configuration.
SecurityMBean

Attribute: ConnectionLoggerEnabled

Default: false

Valid values:

  • true

  • false

Dynamic: yes

Connection Filter

The name of the Java class that implements a connection filter. The connection filter must be an implementation of the weblogic.security.net.ConnectionFilter interface. WebLogic Server provides a default implementation.

MBean: weblogic.management.
configuration.
SecurityMBean

Attribute: ConnectionFilter

Default: null

Connection Filter Rules

The list of rules for the system connection filter. If none are specified, all connections are accepted.

The syntax of the rules is as follows:

  • Each rule must be written on a single line in the source code.

  • Tokens in a rule are separated by white space.

  • A pound sign (#) is the comment character. Everything after a pound sign on a line is ignored.

  • Whitespace before or after a rule is ignored.

  • Lines consisting only of whitespace or comments are skipped.

All rules have the following format:

target localAddress localPort action protocols

where

target specifies one or more servers to filter.

localAddress defines the host address of the server. (If you specify an asterisk (*), the match returns all local IP addresses.)

localPort defines the port on which the server is listening. (If you specify an asterisk, the match returna all available ports on the server).

action specifies the action to perform. The value must be allow or deny).

protocols is the list of protocol names to match. (One of the following protocols must be specified http, https, t3, t3s, giop, giops, dcom, or ftp.) If no protocol is defined, all protocols will match a rule.

Default: null

Dynamic: yes


Two kinds of rules are recognized:

  • A fast rule applies to a hostname or IP address with optional netmask. If a host name corresponds to multiple IP addresses, multiple rules are generated.
  • A slow rule applies to part of a domain name. Since a rule requires a connect-time DNS lookup to perform a match, slow rules impact performance.

MBean: weblogic.management.
configuration.
SecurityMBean

Attribute: ConnectionFilterRules


 

Skip navigation bar  Back to Top Previous Next