IP Rules

These rules restrict access to the iCM enterprise URL and may be used by subsites (if they don't have any rules of their own defined). At least one rule must be provided, and the first rule that matches determines whether a request is allowed or rejected. By default the first rules in the list allow all connections.

When entering a rule you'll be prompted to enter the IP address, either IPv4 or IPv6, and a netmask. If you are entering a single IPv4 address the netmask will generally be /32. For more information about ranges and netmasking, this documentation from Cisco has a thorough explanation: https://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13788-3.html

Subsite level rules are set in the Subsite Properties.

Note that you'll need to manually decache the site for changes at the enterprise level to be picked up (changing rules at the subsite level automatically clears the cache for that subsite).

iCM Access

IP rules do not prevent users from accessing the iCM login screen. Rather, when a user attempts to log in, their current IP address is checked against the rules, and their login will either be blocked or allowed to proceed.

Whenever someone tries to access the iCM enterprise URL, the rules set here are checked. In new installations all connections are allowed.

If a user is attempting to log into a subsite level iCM, the rules set in that subsite are checked, and if one matches, the IP address is either allowed or rejected. If no match is found, the rules set here are checked.

When you upgrade to iCM 10.0.7.0, existing subsites automatically have final "reject all" rules added to them to maintain previous behaviour. If you'd like a subsite to also use the enterprise rules, you'll have to remove these rejects. New subsites don't have any rules.

Remember that iCM subsites can be set as "isolated" or "co-operative". Co-operative subsites allow the iCM content in one subsite to be accessed and edited on the URL of another.

Website Access

The site frameworks query the IP rules to determine access to the front-end site following the same logic outlined above.

Logical Flow

Subsite

  1. Attempt to access a subsite or subsite iCM login
  2. Are subsite IP rules enabled? No - allow access. Yes - check the rules
  3. If the IP address matches a subsite rule, allow or reject as appropriate
  4. If no subsite rules match, check the enterprise level rules

Enterprise

  1. Attempt to access the iCM enterprise URL, or exhaust all of the subsite rules
  2. Check the rules set in the iCM configuration
  3. Allow or reject based upon the first rule that matches the requesting IP address
  4. If all rules are checked and no match is found, the request will be rejected

Examples

This rule would allow local connections and reject any other IP address:

[Image: IP Rule - Allow Local]
 

Inverting the rules would reject all connections even though an IP address is allowed later in the list:

[Image: IP Rule - Reject All]
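
The logical flow and the two rule orderings above, modelled as an added Python example (this is not iCM's own code). The rule tuples, function names and sample addresses are assumptions for illustration: "local" is taken to be 127.0.0.1/32, and a subsite value of None stands for subsite IP rules not being enabled.

```python
import ipaddress

ALLOW, REJECT = "allow", "reject"

def first_match(rules, ip):
    """Return the action of the first rule whose network contains ip, else None."""
    addr = ipaddress.ip_address(ip)
    for cidr, action in rules:
        net = ipaddress.ip_network(cidr, strict=False)
        # An IPv4 address can only match an IPv4 rule, and likewise for IPv6.
        if addr.version == net.version and addr in net:
            return action
    return None

def check_enterprise(enterprise_rules, ip):
    """Enterprise flow: first match wins; no match at all means reject."""
    return first_match(enterprise_rules, ip) or REJECT

def check_subsite(subsite_rules, enterprise_rules, ip):
    """Subsite flow: disabled -> allow; otherwise first match, else enterprise."""
    if subsite_rules is None:  # subsite IP rules not enabled
        return ALLOW
    decision = first_match(subsite_rules, ip)
    if decision is not None:
        return decision
    return check_enterprise(enterprise_rules, ip)  # subsite rules exhausted

# Constructed sample rule lists (hypothetical values, not taken from iCM).
ALLOW_LOCAL_THEN_REJECT = [("127.0.0.1/32", ALLOW),
                           ("0.0.0.0/0", REJECT), ("::/0", REJECT)]
REJECT_THEN_ALLOW_LOCAL = [("0.0.0.0/0", REJECT), ("::/0", REJECT),
                           ("127.0.0.1/32", ALLOW)]
UPGRADED_SUBSITE = [("0.0.0.0/0", REJECT), ("::/0", REJECT)]  # final "reject all"
NEW_SUBSITE = []  # enabled, but no rules of its own

if __name__ == "__main__":
    for name, rules in [("allow-local first", ALLOW_LOCAL_THEN_REJECT),
                        ("reject-all first", REJECT_THEN_ALLOW_LOCAL)]:
        for ip in ("127.0.0.1", "203.0.113.10"):
            print(f"enterprise / {name:17} {ip:13} -> {check_enterprise(rules, ip)}")
    for name, sub in [("upgraded subsite", UPGRADED_SUBSITE),
                      ("new subsite", NEW_SUBSITE)]:
        result = check_subsite(sub, ALLOW_LOCAL_THEN_REJECT, "127.0.0.1")
        print(f"{name:17} 127.0.0.1 -> {result}")
```

The upgraded subsite rejects 127.0.0.1 even though the enterprise list allows it, because its own "reject all" matches first and the enterprise rules are never reached.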
 

Last modified on February 23, 2023
