|Acrolinx Server||4.3, 4.4, 4.5, 4.6, 4.7, 5.0, 5.1, 5.2, 5.3, 5.4|
If your Acrolinx Server is accessible from outside of your network and firewall, you can use endpoint protection to prevent unauthorized users from connecting to the server with forged authentication details. When a client authenticates for the first time, the Acrolinx Server saves the authentication details in an authentication token that the client uses to authenticate during subsequent calls. When you configure endpoint protection, the Acrolinx Server includes IP address information in the authentication token so that malicious users cannot intercept the token and reuse it for unauthorized calls to the server.
When an incoming call is received, the Acrolinx Server compares the IP address that is stored in the authentication token with the IP address of the computer that initiated the call. If IP addresses do not match, the call is blocked and the server issues a 403 HTTP response code. Note that endpoint protection can cause connection issues for users who connect from computers where the IP address is subject to change such as users who connect from roaming laptops.
To configure the endpoint protection, follow these steps:
Open your overlay of the core server properties file.
You find the overlay for the core server properties file in the following location:
Add the following property:
- Save your changes and restart the core server.