Restricting source IP address ranges

In addition to correctly setting up your firewall to control network access, you can restrict the source IP addresses from which requests are allowed directly in DIGIPASS Gateway.

By default, all services intended for use by the back-end application can only be accessed from the local host. This includes all services that require authentication with the back-end API key, as well as the API v1 services that do not require authentication but were part of the Administration interface in legacy versions of DIGIPASS Gateway. If OneSpan Authentication Server, DIGIPASS Gateway, and your back-end application are not installed on the same server, you need to explicitly allow the IP addresses of the OneSpan Authentication Server and of the back-end application server for those services. All other services are unrestricted by default; you should restrict them to the specific source IP address ranges from which legitimate requests originate. As with any source-IP restriction, the address that is checked is the one the connection arrives from: if a reverse proxy or load balancer sits between the clients and DIGIPASS Gateway, the gateway sees the proxy's address rather than the client's, so client-level restrictions then have to be enforced on the proxy itself.

You can restrict requests by explicitly specifying allowed source IP address ranges using CIDR blocks via the OneSpan Web Configuration Tool:

admintool type dpgateway endpoint allow "service" cidr_block

where:

  • service specifies the DIGIPASS Gateway service endpoint, including the leading slash ('/'). You can use glob notation to specify a pattern that matches several services and set the CIDR block for all of them at once; in that case, enclose the value in quotation marks so that the shell does not expand the wildcard itself.
  • cidr_block specifies an IPv4 address range in CIDR notation, e.g. 192.0.2.0/24. Any request originating from a host within that CIDR block is allowed; requests from any other source address are rejected. To allow a single host, use a /32 prefix, e.g. 10.0.1.10/32. You can specify multiple CIDR blocks at once as a comma-separated list.
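
The following Python model, added here as an illustration and not part of DIGIPASS Gateway or the OneSpan documentation, shows how such an endpoint allow-list behaves: the localhost-only default for back-end services, unrestricted access to everything else, glob patterns matching several endpoints, and comma-separated CIDR lists. It also renders the resulting admintool command lines. The endpoint names (/backend/*, /auth/*), the server addresses, and two tie-breaking rules (an explicit rule replaces the localhost default; overlapping glob rules are unioned) are assumptions made for the example and are not confirmed by the documentation.

```python
# Added example: a model of per-endpoint source-IP restrictions as described
# above. Not DIGIPASS Gateway code; endpoint names, addresses and the
# tie-breaking rules are assumptions made for illustration.
import fnmatch
import ipaddress

LOCALHOST_ONLY = "127.0.0.1/32"


def parse_cidr_list(cidr_blocks):
    """Parse a comma-separated list of IPv4 CIDR blocks, e.g. "192.0.2.0/24, 10.0.1.10/32".

    strict=True rejects blocks with host bits set (192.0.2.1/24): that is
    almost always a typo that would otherwise allow a wider range than intended.
    """
    nets = []
    for block in cidr_blocks.split(","):
        block = block.strip()
        if block:
            nets.append(ipaddress.IPv4Network(block, strict=True))
    if not nets:
        raise ValueError("at least one CIDR block is required")
    return nets


def is_valid_cidr_list(cidr_blocks):
    """True if parse_cidr_list() accepts the value, False otherwise."""
    try:
        parse_cidr_list(cidr_blocks)
        return True
    except ValueError:
        return False


class EndpointPolicy:
    """Allowed source ranges per service endpoint.

    Assumptions of this model (not confirmed by the documentation):
      * an explicit allow rule replaces the built-in localhost-only default
        for a back-end service, so 127.0.0.1/32 must be listed explicitly
        if local clients should keep access;
      * when several glob rules match one endpoint, their ranges are unioned.
    """

    def __init__(self, backend_patterns):
        # Glob patterns naming the services that are restricted to the local
        # host unless configured otherwise (hypothetical names in the demo).
        self.backend_patterns = list(backend_patterns)
        self.rules = []  # (service glob, [IPv4Network, ...]) in configured order

    def allow(self, service, cidr_blocks):
        """Equivalent of: admintool type dpgateway endpoint allow "service" cidr_block"""
        if not service.startswith("/"):
            raise ValueError("service must include the leading '/'")
        self.rules.append((service, parse_cidr_list(cidr_blocks)))

    def is_allowed(self, service, source_ip):
        """Decide whether a request for `service` from `source_ip` is accepted."""
        ip = ipaddress.IPv4Address(source_ip)
        matching = [nets for glob, nets in self.rules
                    if fnmatch.fnmatchcase(service, glob)]
        if matching:
            return any(ip in net for nets in matching for net in nets)
        if any(fnmatch.fnmatchcase(service, p) for p in self.backend_patterns):
            return ip in ipaddress.IPv4Network(LOCALHOST_ONLY)
        return True  # every other service is unrestricted by default

    def admintool_commands(self):
        """Render the configured rules as admintool command lines."""
        return ['admintool type dpgateway endpoint allow "%s" %s'
                % (glob, ",".join(str(n) for n in nets))
                for glob, nets in self.rules]


def demo_policy():
    """Hypothetical deployment: OneSpan Authentication Server on 10.0.1.10,
    back-end application on 10.0.1.20, end users in 192.0.2.0/24.
    The endpoint names are invented for this example."""
    policy = EndpointPolicy(backend_patterns=["/backend/*"])
    policy.allow("/backend/*", "10.0.1.10/32, 10.0.1.20/32")
    policy.allow("/auth/*", "192.0.2.0/24")
    return policy


if __name__ == "__main__":
    p = demo_policy()
    print("\n".join(p.admintool_commands()))
    for service, ip in [("/backend/users", "10.0.1.20"), ("/backend/users", "192.0.2.5"),
                        ("/auth/login", "192.0.2.5"), ("/auth/login", "198.51.100.7")]:
        print(service, ip, "allowed" if p.is_allowed(service, ip) else "denied")
```

Running the script prints the two admintool command lines for the hypothetical deployment, then shows that the back-end service accepts the application server but rejects an end-user address, while the user-facing service accepts the user range and rejects an address outside it. Because the model replaces the localhost default once a rule exists, a deployment that keeps a local client must add 127.0.0.1/32 to the list; whether DIGIPASS Gateway itself keeps the local host implicitly allowed is something to verify in your own installation.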

For more information, see Configure DIGIPASS Gateway.