IP whitelisting in Authentication Scheme and Policy in Web Agent


Article ID: 189478


Products

CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On Agents (SiteMinder), CA Single Sign On Federation (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), SITEMINDER

Issue/Introduction


When running a Web Agent, how can access to the Form Authentication Scheme be authorized by the IP of the calling browser?

 

Environment


Web Agent 12.52SP1CR10 on Apache 2.4

 

Resolution


SiteMinder offers this feature only within a given Policy (1).

There, you can define the hosts, subnets, and IP ranges allowed to access the resource after authentication.

The check is based on the browser IP.

To restrict access before authentication, use the Web Server's own mechanism; each Web Server implements this differently.

A similar issue has been discussed in this thread (2).

This can be done at the Web Server level (3)(4).

Further, there is a feature to limit which Web Agent IP can access a given Authentication Scheme (5).

This applies to the Web Agent or Agent IP, not to the browser IP. The feature is available from 12.8SPx Policy Server only (6).

So, to block access to a given Authentication Scheme by the Browser IP, configure the Web Server, or implement a Custom Authentication Scheme with specific custom code to verify the Browser IP.
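One way to apply the Web Server option on Apache 2.4, as an added example that is not part of the original article or of SiteMinder's own configuration. The form location `/siteminderagent/forms/`, the allowed addresses and the proxy address are assumptions; replace them with the values of your deployment.

```apache
# Added example. Assumptions: the login form is served under
# /siteminderagent/forms/ and all addresses below are documentation
# ranges standing in for real ones.

# Needed only when a reverse proxy or load balancer sits in front of
# Apache. Without it, Apache sees the proxy's address as the client for
# every request, and the rule below would match the proxy, not the browser.
# The forwarded header is accepted only from the listed proxy (assumed
# address). Remove both lines if browsers connect to Apache directly.
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 192.0.2.10

# Restrict the form location by browser IP before authentication.
# Requests from any other address receive 403 Forbidden.
<Location "/siteminderagent/forms/">
    Require ip 198.51.100.0/24 203.0.113.17
</Location>
```

After reloading Apache, request the form from an address outside the list and confirm it is refused before the login page is served.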

 

Additional Information