Access enforcement
The Access enforcement section holds the policies that govern who may connect to the virtual site and how strong account passwords must be. External identity sources such as LDAP and OIDC are configured under the LDAP / OIDC section instead.
The page is organized into three tabs, in this order:
- Safe list
- Allow list
- Password policy
You can move between the tabs with the mouse, or with the keyboard arrow keys when the tab strip has focus (Home and End jump to the first and last tab). Each tab has its own Save button that persists only that tab's settings.
Safe list
The Safe list names the addresses or networks that the Protector never blocks. Entries on this list are exempt from automatic blocking regardless of how the Protector is tuned.
To add an entry, type an IP address or CIDR network, optionally add a note, and use the Add button (or press Enter). The value is validated, and duplicates are rejected. Each entry can be removed individually. Use Save to persist the list.
Allow list
If the Allow list is non empty, only the addresses or networks it contains may connect to this virtual site. Leaving it empty places no address restriction on connections.
Entries are added and removed the same way as on the Safe list: type an IP address or CIDR network, optionally add a note, and use the Add button or press Enter. Use Save to persist the list.
Password policy
The Password policy sets the minimum complexity enforced when accounts set or change their password. The settings are:
- Minimum length
- Require an uppercase letter
- Require a lowercase letter
- Require a digit
- Require a special character
After changing any setting, use the Save button to persist the policy.