Domain-->Security-->Filter

Overview

Connection filters add an additional layer of security by filtering unwanted network connections. For example, you can deny any non-SSL connections originating outside of your corporate network. Use this page to configure a connection filter for the WebLogic domain.

 

Tasks

Configuring Connection Filtering

 

Related Topics

Introduction to WebLogic Security

Managing WebLogic Security

Securing WebLogic Resources

Programming WebLogic Security

Developing Security Providers for WebLogic Server

Securing a Production Environment

The Security topics in the WebLogic Server 8.1 Upgrade Guide

Security FAQ

The Security page in the WebLogic Server documentation

 

Attributes

Connection Logger Enabled

Description: Specifies whether this WebLogic domain should log accepted connections.

MBean: weblogic.management.configuration.SecurityMBean
Attribute: ConnectionLoggerEnabled

Value Constraints:

Default: false

Valid values:

  • true

  • false

Dynamic: yes

Connection Filter

Description: The name of the Java class that implements a connection filter. The connection filter must be an implementation of the weblogic.security.net.ConnectionFilter interface. WebLogic Server provides a default implementation.

MBean: weblogic.management.configuration.SecurityMBean
Attribute: ConnectionFilter

Value Constraints:

Default: null

Connection Filter Rules

Description: The list of rules for the system connection filter. If none are specified, all connections are accepted. The syntax of the rules is as follows:

  • Each rule must be written on a single line in the source code.

  • Tokens in a rule are separated by white space.

  • A pound sign (#) is the comment character. Everything after a pound sign on a line is ignored.

  • Whitespace before or after a rule is ignored.

  • Lines consisting only of whitespace or comments are skipped.

All rules have the following format:

target localAddress localPort action protocols

where:

  • target specifies one or more servers to filter.

  • localAddress defines the host address of the server. (If you specify an asterisk (*), the match returns all local IP addresses.)

  • localPort defines the port on which the server is listening. (If you specify an asterisk, the match returns all available ports on the server.)

  • action specifies the action to perform. (The value must be allow or deny.)

  • protocols is the list of protocol names to match. (One of the following protocols must be specified: http, https, t3, t3s, giop, giops, dcom, or ftp.) If no protocol is defined, all protocols will match a rule.

Two kinds of rules are recognized:

  • A fast rule applies to a hostname or IP address with optional netmask. If a host name corresponds to multiple IP addresses, multiple rules are generated.

  • A slow rule applies to part of a domain name. Since a rule requires a connect-time DNS lookup to perform a match, slow rules impact performance.

MBean: weblogic.management.configuration.SecurityMBean
Attribute: ConnectionFilterRules

Value Constraints:

Default: null

Dynamic: yes
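A rule list can be checked against the syntax described above before it is pasted into the Connection Filter Rules field. The following Python checker is an added example, not WebLogic code: the sample rules are constructed, and it assumes that a slow rule is written with a leading asterisk (such as *.example.org) and that action keywords are lowercase.

```python
from collections import namedtuple

# Protocol names and token order come from the attribute description above.
PROTOCOLS = {"http", "https", "t3", "t3s", "giop", "giops", "dcom", "ftp"}
Rule = namedtuple("Rule", "line target local_address local_port action protocols kind")

# Constructed sample rules (not from the page); line 5 is deliberately invalid.
SAMPLE = """\
# constructed edge filter
192.168.0.0/16 * * allow
*.example.org  * 7001 deny t3 t3s   # slow rule: DNS lookup at connect time
0.0.0.0/0      * * deny http t3 giop ftp
10.0.0.5       * 7001 permit http
"""

def parse_rules(text):
    """Return (rules, errors) for a block of connection filter rules."""
    rules, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # everything after '#' is a comment
        if not line:                           # blank or comment-only line
            continue
        tokens = line.split()                  # tokens are whitespace-separated
        if len(tokens) < 4:
            errors.append((lineno, "expected: target localAddress localPort action [protocols]"))
            continue
        target, addr, port, action, *protos = tokens
        if port != "*" and not (port.isdigit() and 0 < int(port) <= 65535):
            errors.append((lineno, f"bad localPort {port!r}"))
            continue
        if action not in ("allow", "deny"):    # assumption: lowercase keywords only
            errors.append((lineno, f"action must be allow or deny, got {action!r}"))
            continue
        unknown = [p for p in protos if p not in PROTOCOLS]
        if unknown:
            errors.append((lineno, "unknown protocol(s): " + ", ".join(unknown)))
            continue
        # Assumption: a leading '*' marks a slow (domain-name) rule.
        kind = "slow" if target.startswith("*") else "fast"
        rules.append(Rule(lineno, target, addr, port, action, tuple(protos), kind))
    return rules, errors

if __name__ == "__main__":
    parsed, problems = parse_rules(SAMPLE)
    for rule in parsed:
        print(rule)
    for lineno, message in problems:
        print(f"line {lineno}: {message}")
```

An empty protocols tuple means the rule matches all protocols, and rules reported as slow are the ones that cost a DNS lookup at connect time.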
