ADV7. Restrict access to Perception
It is recommended that you restrict access to certain parts of Perception. This is intended to improve security, but is only required if you are allowing general access to the server(s) hosting Perception.
The process involves limiting access to certain web shares so that no one can interfere with the services that are run.
Before you proceed to the section below and carry out the steps to restrict access to Perception's web shares, you must first run the configuration application again and set the base service address to http://127.0.0.1.
To do this:
Please follow the steps below in IIS 7 to restrict access to the relevant web shares on your Perception server:
- To open IIS Manager, go to All Programs | Administrative Tools | Internet Information Services (IIS) Manager
- Expand Sites in the side menu and then expand Default Web Site
- Click on the qabs virtual directory
- Double click the IPv4 Address and Domain Restrictions icon
- Click on Edit Feature settings in the Actions menu
- Change the Access for unspecified clients drop-down list to Deny and click OK
- Click Allow Entry... in the Actions menu
- Select the Specific IPv4 address option button and enter the IP address of your QPLA server. Repeat the process if you have more than one server.
If you have installed Perception on a single server (as with this installation type), you will need to add two IP addresses by repeating the above steps. The IP addresses you will need to add are:
- The IP address of the server
You should have something similar to the following listed.
Now only the communications coming from the QPLA tier can be passed to the QABS virtual folder.
- Repeat the above steps for the following virtual folders: