In the Firewall section of an UNLOQ application, you can enable some custom rules that will apply to authentications, authorisations or encryption key requests. These allow you to restrict the access of your users in order to prevent undesired approval requests.
Firewall entries are divided into two categories:
With City wall, you can configure your application to only allow authentication requests from a specified list of geographical countries or regions. You can also restrict these requests to a specified IP or range of IP addresses.
You can create a new Firewall entry by clicking the New rule button for either API or Approval. When adding a restriction, you must specify what kind of rule to apply to the selected region or IPs. Selecting Allow will allow any incoming requests, while Block will deny them. When creating a blocking filter, you can also choose to log failed attempts, to later visualize.
By default, the login filters apply on the IP address of the user that initiates the authentication process (the
user's browser). when an authentication push notification reaches the
user's device, it will verify that the device's IP
address matches at least one of the filter's rules (see below).
If the IP address is blocked, or within a restricted geographical region, the authentication process is stopped, thus forcing the user's device to be in one of the accepted filters.
IP restrictions for API calls require just the rule type (Allow/Block) and the IP range to apply the rule to.
Let's say we want to enable only users in the UK and Dublin, Ireland to authenticate to our application. We would have to create 3 simple city wall rules:
At this point, any user that will try to authenticate from outside the geographical regions that we've specified,
will be blocked, and their attempt logged.
A user from Clare, Ireland will be blocked, while a user from Birmingham, UK will be allowed.
Note: Geo-location accuracy is between 80-100%, depending on the country.
Let's say our company, Acme INC has implemented the UNLOQ authentication system on their applications, and wants only employees that are on-premise to login to their system. In one building, the company has 1 static IP, 184.108.40.206 and the IP range 220.127.116.11 - 18.104.22.168 in another building. The IP restrictions would be as follows:
With this example, we would block all IP addresses, except the ones that our company uses, therefore, a users will have to use the company's internet connection, in order to login to the application. The same rules can be applied for API calls.
Your application can have up to 50 filtering rules of both IP and geo restrictions. These rules are applied as follows:
If the incoming user's IP address does not match any of the above rules, the incoming request will be accepted.
Have a question? You can always send us an email at firstname.lastname@example.org, or contact us on chat.
For security related concerns, please visit our Security page.