000025521 - How to add IPOnGoldList Rule

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000025521
Applies To: AA version 5.7.2
Issue: Reduce login challenges to specific IP addresses
Certain IP addresses experience undesirable challenge rate.
Resolution

1) In the auth2.3.drl file, define the rule name:

       <rule name="IPOnGoldenlist" no-loop="true" salience="97">
             <parameter identifier="risk">
                    <class>AuthRiskResult</class>
             </parameter>
             <java:condition>risk.isIPOnGoldlist()</java:condition>
             <java:consequence>
                    drools.retractObject(risk);
             </java:consequence>
       </rule>

2) In the c-config-forensic.xml file, add the following key in the policymap section:

       <entry key="IPOnGoldenlist">
              <value>ALLOW</value>
       </entry>

3) In the c-config-forensics.xml file, add the listed IPs to the goldlist bean:

       <bean id="goldlist" class="com.passmarksecurity.forensic.ForensicIpList">
              <property name="listName">
                     <value>goldlist</value>
              </property>
              <property name="listedIps">
                     <list>
                            <value>150.5.6.234</value>
                     </list>
              </property>
       </bean>

4) Restart the application server after the XML files are modified.
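A pre-restart consistency check for the edits in steps 1 to 3, as an added example that is not part of the original article or RSA's own tooling. It assumes each goldlist value is a single IP address as in the article's sample; the `<beans>` wrapper, the function name `audit_goldlist`, and the duplicate and malformed entries are constructed for illustration.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample input: the fragments from steps 1-3, wrapped in a
# hypothetical <beans> root so the config fragments parse as one document.
DRL = '<rule name="IPOnGoldenlist" no-loop="true" salience="97">'
CONFIG = """<beans>
  <entry key="IPOnGoldenlist"><value>ALLOW</value></entry>
  <bean id="goldlist" class="com.passmarksecurity.forensic.ForensicIpList">
    <property name="listName"><value>goldlist</value></property>
    <property name="listedIps"><list>
      <value>150.5.6.234</value>
      <value>150.5.6.234</value>
      <value>150.5.6.</value>
    </list></property>
  </bean>
</beans>"""


def audit_goldlist(drl_text, config_xml, rule="IPOnGoldenlist"):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    root = ET.fromstring(config_xml)
    # The rule name in the .drl file and the policymap key must be identical.
    if not re.search(r'<rule\s+name="%s"' % re.escape(rule), drl_text):
        findings.append("rule %s not defined in drl" % rule)
    actions = [e.findtext("value", "").strip()
               for e in root.iter("entry") if e.get("key") == rule]
    if actions != ["ALLOW"]:
        findings.append("policymap entry for %s is %r, expected ['ALLOW']"
                        % (rule, actions))
    # Every goldlisted value should be one well-formed, unique address.
    seen = set()
    path = ".//bean[@id='goldlist']/property[@name='listedIps']/list/value"
    for v in root.findall(path):
        text = (v.text or "").strip()
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:
            findings.append("invalid address: %r" % text)
            continue
        if ip in seen:
            findings.append("duplicate address: %s" % ip)
        seen.add(ip)
    return findings


if __name__ == "__main__":
    for finding in audit_goldlist(DRL, CONFIG):
        print(finding)
```

Because every address on the list is mapped to ALLOW, running a check like this on each change keeps the list limited to the entries that were intended.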

Legacy Article ID: a34176
