When running a Web Agent, how to authorize access to the Form
Authentication Scheme by IP of the calling browser ?
Web Agent 12.52SP1CR10 on Apache 2.4
At first glance, SiteMinder offers that feature to be applied in a
given Policy (1) only. You can define the Host, subnet, Ip ranges
allowed to access the resource after Authentication. It's based on
To restrict access before Authentication, each Web Server has its own
mechanism to be implemented. Here's a thread where it has been
discussed the similar issue (2). This can be done at the Web Server
Further, there's a functionality to limit which Web Agent IP can
access a given Authentication Scheme (5). This applies to the Web
Agent or Agent IP. This doesn't apply to the Browser IP. This feature
is available from 12.8SPx Policy Server only (6).
So to block access to a given Authentication Scheme by the Browser IP,
configure the Web Server or implement a Custom Authentication Scheme
with specific custom code to verify the Browser IP.
IP Restriction Group Box
Indicates a restriction that is based on a single IP
address. You can add multiple IP addresses using this option.
Specifies the IP address of the single host.
Manadge IP white list with CA Access Gateway
IIS 8.0 Dynamic IP Address Restrictions
Authentication Scheme Level IP Allowlisting
5. Select one of the following Authentication Scheme Types that the authentication scheme level IP allowlisting supports:
X509 Client Cert Template
X509 Client Cert or Basic Template
X509 Client Cert or Form Template
Windows Authentication Template
Note: IP allowlist is available for limited set of authentication templates
IP Allowlisting, at Authentication Scheme Level, allows you to
restrict access by validating the Agent IP address against a list of
permitted IP addresses.