Restricting access to Server-API

[SpeedPartner]

Hi,

by default Server-API-Access is restricted to 127.0.0.1 - because I want to enable our users to create their own chat-room via web-form I need to grant our webserver access to the API.
Because we operate more than one server these requests may come from more than one private adress.
Is there a way to restrict server-api access to a subnet (like 10.0.1.0/24) or several IPs using a comman separated list (like 10.0.1.1,10.0.1.2,10.0.1.3)?

Regards,
Michael

[sephiroth]

Hi

Thanks for inquiry.
You can set it like 10.0.1.* .
And there isn't a feature to sparate it with a comma.

Best wishes
Cain

[SpeedPartner]

doesn't work for my release, sorry.

$ ./fcserver.sh restart
Stopping server ......
Server stoped
Starting server ......
----== ->->->-> www.123flashchat.com <-<-<-< ==-----
Welcome to use 123 Flash Chat Server 5.0 (build 0915)
This is a full version of 123 Flash Chat Server 5.0 (build 0915) for 250 users license
----== ->->->-> www.123flashchat.com <-<-<-< ==-----

Starting the server ...
Set System Timezone GMT+1
Loading ip-to-country data ...
Loading connection policy ...
Start chat server failed: configuration file error etc/groups/default.xml

tried:
<allow-access-from-ip>10.0.1.*</allow-access-from-ip>

[joy]

sorry whether in 5.0 or 5.1_2, the asterisk is not allowed in allowed IP, it's gotta be a specific IP or entirely "*".

[SpeedPartner]

Hi,

will this be a "new feature" in an upcoming release or was it a feature of v4 ???
(Sorry, cant't interpret your "whether in 5.0 or 5.1_2")

[joy]

This will be a "new feature" in an upcoming release,
the format will be like this: 192.168.0.*

[SpeedPartner]

Found a temporairly workaround for this problem 'till the new release get's public ;D

Limit Server-API Access to 127.0.0.1 and establish a xinet.d-forwarding (which is restricted to wanted IPs). Quite "ugly" but it works ...

[joy]

good idea!