Jump to content


Photo

Allow access to web server either via IP address whitelisting or client certificate

SSL certificate

This topic has been archived. This means that you cannot reply to this topic.
No replies to this topic

#1 Ali Khalfan

Ali Khalfan
  • Members
  • 2 posts

Posted 01 March 2016 - 01:17 PM

A scenario that enterprise systems may implement is to limit access to a web server restricting the users. Currently, the WAF offers the functionality of limiting access to a site by only allowing specific IP addresses or by a client-side certificate.  However, for the same service, both options cannot be used. A web service can have only one layer, either IP address check or a client-side check. 

 

The scenario in this case would be that a client must provide one of two options.  Either provide an IP address for whitelisting, or if that is not feasible, provide a client-side certificate.  Currently, this is not possible in WAF.