Restricting Access to a License Server¶
By using a configuration file, it is possible to restrict access to the license features to certain computers, users, etc. The access is controlled using ALLOW and DENY statements, a bit like in a .htaccess file. The rules work a bit differently, however, so below we will present some simple examples to make it clearer.
The essential logic of the access restrictions is:
- You can ALLOW or DENY access to the license features all, or a single, or multiple specified users, IP numbers, hosts.
- The rules can apply to all license features, or only some specific ones.
- The rules are evaluated in the order they appear in the configuration file. The first matching rule is applied - the following rules are generally ignored.
- If no rule matches, the default is to ALLOW.
Point 4 is very important, because it means that if you wish to restrict access to the license in any way, you must explicitly ALLOW those with access and then DENY all others. So, in order to only allow computers in the IP number range 192.168.0.0 to 192.168.0.255 access to the license, you will need to use the statements
ALLOW_IPADDR_ALL = 192.168.0.* DENY_IPADDR_ALL = *
Another typical option is to only allow a particular user to access the license. You can then use
ALLOW_USER_ALL = niceguy1 niceguy2 DENY_USER_ALL = *
Point 3 is also crucial - if we reverse the ALLOW/DENY statements in the two examples above, nobody will have access to the license server because everybody will match the DENY rule and thus be rejected. You only want the DENY rule to apply to those not matching the ALLOW rule!
There are multiple options for the ALLOW/DENY statements - for more details please see the extensive examples inside the configuration file lmx-serv.cfg which resides in the same directory as the license server binary. For example, you may just want to block a particular user, then it’s enough to use
DENY_USER_ALL = badguy
In this case all other users will be allowed by virtual of Point 4 above.
To use the configuration file the license server must be started with the option -c lmx-serv.cfg.
In general you should always use this option, and make sure to change the server password in the file from the default value.