M312: Filtering on Source IP Address

In the initial settings, the workflow platform (Server) does not restrict the connection source (Client) of functions that require user authentication (Web UI or Questetra REST API). It can be accessed and used from anywhere in the world. You can also whitelist connecting source IPs to restrict access. On the other hand, access to modeling elements such as [Message Start Event (HTTP) ] is restricted from being available from external networks by default. It will be available by removing the restriction or whitelisting the source IP to allow access.

1. Overview of Source IP Filtering on the Workflow Platform

a. IP Filtering

Restrict the source IP for all access

b. API IP Filtering

Restrict the source IP accessing Message Catch Event API

2. Setting IP Filter

a. Enumerate static IPs

Specify by dotted decimal notation (e.g. 192.168.0.1)

b. Enumerate IP addresses in a range

Specify in CIDR notation (e.g. 69.208.0.0/24)

System Settings – IP Address Filtering

Z. More Info: Restrict access destination hosts (version 14.1 nad later)

a. Filtering connection destinations of HTTP communication

Enable [HTTP Destination Filtering] and register hosts to permit

HTTP communication from workflow apps is restricted to the allowed hosts only

System Settings – HTTP Destination Filtering

X. Tutorial

• Starting a Process from Outside of Questetra BPM Suite

X. Workflow-Sample

• 2017-09-11 (Business Improvement Idea Reception Process): Episode 552: "Idea Soliciting" is Important for Work Style Reformation