Access Rights Policy based on IP Range
- Product: Rosetta
- Product Version: 8.1
Question
How does Rosetta check IPs during delivery when using an Access Rights Policy based on "IP Range"?
Answer
Rosetta supports only IPv4 in the Access Rights Policy "IP Range" field.
During delivery using an Access Rights Policy based on "IP Range", Rosetta first checks whether the HTTP request has the header named in the "client_ip_header" General Parameter (typically "X-Forwarded-For").
If the "client_ip_header" HTTP header (i.e. "X-Forwarded-For") value exists, Rosetta checks whether the header's value is a valid IPv4 value. (If multiple such headers exist, Rosetta checks the value of the first such header.) Then:
- If it is a valid IPv4 value, Rosetta compares it with the Access Rights Policy conditions. (More details on how Access Rights work)
- If it is not a valid IPv4 value (for example, when IPv6 is used, or when the "client_ip_header" header's value is a string of comma-delimited IPs), Rosetta uses the REMOTE ADDRESS (i.e. the first, leftmost column in the Tomcat access log).
Example 1
192.168.0.1 "192.168.0.2" - - [22/Aug/2023:01:46:29 +0200] GET /delivery/.....
Assuming the "client_ip_header" is set to "X-Forwarded-For", Rosetta would compare the relevant Access Rights Policy conditions against "192.168.0.2".
Example 2
192.168.0.1 "0:0:0:0:0:0:0:2" - - [22/Aug/2023:01:46:29 +0200] GET /delivery/.....
Assuming the "client_ip_header" is set to "X-Forwarded-For", Rosetta would ignore the invalid IPv4 value and would compare the relevant Access Rights Policy conditions against the remote address value 192.168.0.1.
Example 3
0:0:0:0:0:0:0:2 "-" - - [22/Aug/2023:01:46:29 +0200] GET /delivery/.....
Assuming the "client_ip_header" is set to "X-Forwarded-For" and no value is passed, Rosetta would compare the relevant Access Rights Policy conditions against the remote address "0:0:0:0:0:0:0:2". Because this value is not IPv4, the request would be rejected, since the Access Rights "IP Range" field supports only IPv4.
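The selection order described above can be replayed over access-log lines to see which address a policy would be evaluated against. This is an added sketch, not Rosetta's own code. It assumes Python's ipaddress module as the IPv4 validity check (Rosetta's own validation may differ), a hypothetical inclusive first/last pair standing in for an "IP Range" condition, and a fourth, constructed log line with a comma-delimited header value.

```python
import ipaddress
import re

# Log lines in the layout of the page's examples: remote address first, then
# the quoted client_ip_header value ("-" when absent). The last one is constructed.
SAMPLE_LOG = [
    '192.168.0.1 "192.168.0.2" - - [22/Aug/2023:01:46:29 +0200] GET /delivery/.....',
    '192.168.0.1 "0:0:0:0:0:0:0:2" - - [22/Aug/2023:01:46:29 +0200] GET /delivery/.....',
    '0:0:0:0:0:0:0:2 "-" - - [22/Aug/2023:01:46:29 +0200] GET /delivery/.....',
    '192.168.0.1 "10.0.0.5, 192.168.0.9" - - [22/Aug/2023:01:46:29 +0200] GET /delivery/.....',
]
LINE_RE = re.compile(r'^(\S+) "([^"]*)"')


def as_ipv4(value):
    """Return an IPv4Address, or None unless value is exactly one valid IPv4 address."""
    try:
        return ipaddress.IPv4Address(value)
    except ValueError:
        return None


def effective_ip(line):
    """Return (source, address): source is "header", "remote" or "rejected"."""
    match = LINE_RE.match(line)
    if match is None:
        raise ValueError("unrecognised log line: %r" % line)
    remote, header = match.groups()
    for source, candidate in (("header", header), ("remote", remote)):
        ip = as_ipv4(candidate)
        if ip is not None:
            return source, ip
    return "rejected", None  # neither value is IPv4, so no IP Range can match


def audit(lines, first, last):
    """Evaluate each line against a hypothetical inclusive range first..last."""
    low, high = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    results = []
    for line in lines:
        source, ip = effective_ip(line)
        allowed = ip is not None and low <= ip <= high
        results.append((source, str(ip) if ip is not None else None, allowed))
    return results


if __name__ == "__main__":
    for row in audit(SAMPLE_LOG, "192.168.0.2", "192.168.0.10"):
        print(row)
```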
- Article last edited: 26-Aug-2024