Administration Console Online Help


Domain: Security: Filter


This page allows you to define connection filter settings for this WebLogic Server domain.

Connection filters add an additional layer of security by filtering unwanted network connections. For example, you can deny any non-SSL connections originating outside of your corporate network.

Configuration Options

Name Description
Connection Logger Enabled

Specifies whether this WebLogic Server domain should log accepted connections.

MBean Attribute:
SecurityMBean.ConnectionLoggerEnabled

Connection Filter

The name of the Java class that implements a connection filter (that is, the weblogic.security.net.ConnectionFilter interface). If no class name is specified, no connection filter will be used.

MBean Attribute:
SecurityMBean.ConnectionFilter

Changes take effect after you redeploy the module or restart the server.

Connection Filter Rules

The rules used by any connection filter that implements the ConnectionFilterRulesListener interface. When using the default implementation and when no rules are specified, all connections are accepted. The default implementation rules are in the format: target localAddress localPort action protocols.

The syntax of the rules is as follows:

  • Each rule must be written on a single line in the source code.
  • Tokens in a rule are separated by whitespace.
  • A pound sign (#) is the comment character. Everything after a pound sign on a line is ignored.
  • Whitespace before or after a rule is ignored.
  • Lines consisting only of whitespace or comments are skipped.

All rules have the following format:

target localAddress localPort action protocols

where

target specifies one or more servers to filter.

localAddress defines the host address of the server. (If you specify an asterisk (*), the match returns all local IP addresses.)

localPort defines the port on which the server is listening. (If you specify an asterisk, the match returns all available ports on the server.)

action specifies the action to perform. (The value must be allow or deny.)

protocols is the list of protocol names to match. (Each name must be one of the following protocols: http, https, t3, t3s, giop, giops, dcom, or ftp.) If no protocol is defined, all protocols will match a rule.

Two kinds of rules are recognized:

  • A fast rule applies to a host name or IP address with optional netmask. If a host name corresponds to multiple IP addresses, multiple rules are generated.
  • A slow rule applies to part of a domain name. Because a slow rule requires a connect-time DNS lookup to perform a match, slow rules impact performance.

MBean Attribute:
SecurityMBean.ConnectionFilterRules
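
The following Python script is an added example, not part of the WebLogic documentation or product code. It lints a rule set against the syntax described above before the rules are entered in Connection Filter Rules. It assumes that a target beginning with an asterisk is a partial domain name (slow rule); the function name and the sample rules are constructed for illustration.

```python
PROTOCOLS = {"http", "https", "t3", "t3s", "giop", "giops", "dcom", "ftp"}

def lint_rules(text):
    """Parse connection filter rules; return (rules, errors)."""
    rules, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comment and surrounding whitespace
        if not line:
            continue  # whitespace-only or comment-only line
        tokens = line.split()
        if len(tokens) < 4:
            errors.append((lineno, "need target localAddress localPort action"))
            continue
        target, address, port, action, *protocols = tokens
        if action not in ("allow", "deny"):
            errors.append((lineno, f"action must be allow or deny, got {action!r}"))
            continue
        if port != "*" and not (port.isdigit() and 1 <= int(port) <= 65535):
            errors.append((lineno, f"bad localPort {port!r}"))
            continue
        unknown = [p for p in protocols if p not in PROTOCOLS]
        if unknown:
            errors.append((lineno, f"unknown protocol(s): {', '.join(unknown)}"))
            continue
        rules.append({
            "line": lineno, "target": target, "localAddress": address,
            "localPort": port, "action": action,
            "protocols": protocols,  # empty list: rule matches all protocols
            # Assumption: a target written with a leading '*' is a partial
            # domain name (slow rule, connect-time DNS lookup).
            "kind": "slow" if target.startswith("*") else "fast",
        })
    return rules, errors

# Constructed sample rule set (addresses and names are placeholders).
SAMPLE = """\
# corporate network: any protocol
10.0.0.0/8    *  *     allow
0.0.0.0/0     *  *     allow https t3s   # elsewhere: SSL protocols only
*.example.org *  7001  deny              # slow rule
0.0.0.0/0     *  *     permit http       # invalid action
0.0.0.0/0     *  *     deny telnet       # invalid protocol
0.0.0.0/0     *  *     deny
"""

if __name__ == "__main__":
    rules, errors = lint_rules(SAMPLE)
    for r in rules:
        print(r["line"], r["kind"], r["action"], r["target"], r["protocols"] or "all")
    for lineno, msg in errors:
        print(f"line {lineno}: {msg}")
```

Rules reported as slow are worth reviewing, since each one adds a DNS lookup at connect time.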
