Documentation Center

Configuring a whitelist of IP addresses from which Footprint Claims may be sent

A whitelist specifies IP addresses or ranges from which Footprint Claims are accepted even if authentication fails. This also applies to your custom Footprints.

About this task

Experience Manager accepts Ambient Data Framework Claims in an incoming request if at least one of the following is true:
  • The request comes from an authenticated user account for which Claim forwarding is allowed.
  • The request comes from an IP address that is in a whitelist of acceptable IP addresses and/or IP ranges.

If neither of these conditions is met, the Claim is ignored (but the request is not).

This topic explains how to configure the whitelist of acceptable IP addresses or IP ranges.

Procedure

  1. Access your presentation environment.
  2. Navigate to the configuration location of a Web site for which you have the Ambient Data Framework enabled.
  3. In this location, open cd_ambient_conf.xml for editing.
  4. In the Security section, after the SharedSecret element but before the GloballyAcceptedClaims section, ensure the presence of a section called WhiteList.
  5. Inside this section, add a new section called IpAddresses.
  6. Inside this section, add one or more elements called Ip. Set the contents of each element to one of the following:
    • A specific IP address from which you want to allow Claims, for example, 129.168.0.14
    • An IP range from which you want to allow Claims, for example, 192.0.0.0-100.0.0.0
    The result should look as follows:
    <WhiteList>
      <IpAddresses>
        <Ip>129.168.0.14</Ip>
        <Ip>192.0.0.0-100.0.0.0</Ip>
      </IpAddresses>
    </WhiteList>
  7. Save and close cd_ambient_conf.xml.
  8. Restart the Web site.
  9. Repeat steps 2-8 for other Web sites as needed.
  10. On the machine that runs the Session-enabled Content service, access its configuration location.
  11. Add the same <WhiteList> section to the file cd_ambient_conf.xml, in the same location in the file.
  12. Reinstall the Session-enabled Content Service by doing one of the following:
    • If you installed the service using the installService.ps1 PowerShell cmdlet, uninstall it by running uninstallService.ps1. Then run installService.ps1 again, with the same parameter-value pairs you used originally.
    • If you installed the service using the start.ps1 PowerShell cmdlet, kill the process. Then run start.ps1 again, with the same parameter-value pairs you used originally.
    • If you installed the service using the start.sh shell command, uninstall it by running stop.sh. Then run start.sh again, with the same parameter-value pairs you used originally.