Documentation Center

Configuring a whitelist of IP addresses from which cookies may be sent

A whitelist specifies IP addresses or ranges from which cookies are accepted even if authentication fails.

About this task

The Web service accepts Ambient Data Framework cookies in an incoming request if at least one of the following is true:

  • The request comes from an authenticated user account for which cookie forwarding is allowed.
  • The request comes from an IP address that is in a whitelist of acceptable IP addresses and/or IP ranges.

If neither of these conditions is met, the cookie is ignored (but the request is not).

This topic explains how to configure the whitelist of acceptable IP addresses or IP ranges on the Web service.

Procedure

  1. On the machine that runs the Content Delivery Web service, access its configuration directory: either WEB-INF/classes for a Java Web application or bin\config for a .NET Web application.
  2. Open the Ambient Data Framework configuration file, cd_ambient_conf.xml for editing.
  3. In the Security section, after the SharedSecret element but before the GloballyAcceptedClaims section, add a new section called WhiteList.
  4. Inside this section, add a new section called IpAddresses.
  5. Inside this section, add one or more elements called Ip. Set the contents of each element to one of the following:
    • A specific IP address from which you wish to allow cookies, for example, 129.168.0.14
    • An IP range from which you wish to allow cookies, for example, 192.0.0.0-100.0.0.0

    The result should look as follows:

    <WhiteList>
    	<IPAddresses>
    		<Ip>192.168.0.1</Ip>
    		<Ip>192.0.0.0-100.0.0.0</Ip>
    	</IPAddresses>
    </WhiteList>
    <GloballyAcceptedClaims>
  6. Save and close cd_ambient_conf.xml.