An administrator can use this screen to add network and protocol restrictions on users. Each rule can be applied either to all users or to a specific user.
Hint: Rules for specific users can be configured on the individual user's Restrictions tab.
IMPORTANT: Restrictions are applied at the user level, therefore they are applied after a login prompt. These restrictions are therefore applied after both the protocols allowed at the site level (Settings - Service Activation) and the allowed countries (Settings - Country Access) limits.
Clicking the Add Rule button will open a new line item on the list for editing, with the following fields:
- Rule Name - Every rule should be given a unique name that means something to you.
- User - Select All Users if this rule will apply to everyone. Select a specific user if this rule is meant for only them.
- Allowed IP Address - Defaults to Any network on save if skipped. Otherwise, type in the user's remote IP address that you wish to require them to login from. Once an IP address is entered, a CIDR prefix (sometimes called a network mask) will appear. 32 is for a single IP address (most common). Click your cursor where it says 32 if you wish to change the CIDR prefix to cover a larger network range.
- Allowed Protocol - Defaults to Any Protocol (based on those that are enabled at Settings - Service Activation) or allows you to restrict a user to a specific protocol.
Note: There is never a need to create a rule for All Users + Any Network + Any Protocol, as that will automatically apply to all users without other restrictions.
Rules can be removed by selecting a check box next to the rule(s) you wish to delete, then clicking the Remove Rule button. Careful, there is no confirmation before a rule is removed.
Clicking a username will take you to that user's Restrictions screen where you can view which rules only affect them and manage rules accordingly.