Enable and Manage the Client Access Control List
The Client Access Control List (CACL) allows you to define a list of client IP addresses that have authorized entry to your ClearSCADA server. You can restrict the clients that are authorized to access the ClearSCADA server using the Client Access Control List (CACL) to define an IP address or IP Range to identify the clients that have access to the database.
The CACL is an additional security feature and distinct from the Access Control List (ACL) that is used to define the permissions for each object within the database
Authorized access control for WebX clients is managed within IIS. This needs to be done by an IIS administrator.
Enable the Client Access Control List
To enable the Client Access Control List and apply it to ViewX clients as well as third-party clients that access the ClearSCADA server use the following procedure:
- Display the Server Configuration Tool and log on if required.
- Expand the System Configuration branch of the tree-structure.
- Select the Security entry and locate the section to display the Client Access Control List section:
If you have a ClearSCADA server with a variety of clients, you will need to make a decision:
- If you select the Enabled check box in the Client Access Control List section, you can configure the server to only accept connections from specific clients, the new security measures are applied to all existing and future clients. This may result in some older clients on the network being unable to connect to the ClearSCADA server.
- Although we do not recommend it, you can allow the server to accept connections from all clients. If you clear the Enabled check box in the Client Access Control List section, all clients on the same network can connect to the server, as a consequence, your system will also be at risk from unauthorized (and potentially malicious) use. NOTICE
SECURITY THREAT
Clearing the Enabled check box could compromise the security of your system. Unauthorized users could gain access to your system.Failure to follow these instructions can result in equipment damage.
- When you enable the Client Access Control List you can continue to Add Clients to the Client Access Control List.
For more information about how to manage the Client Access Control List, see the topics that are listed in the gray footer section at the bottom of this topic. Select the relevant entry to display the topic that you require.