Whitelisting for Relay Server
Relay Server is designed to facilitate communication between the AIR Console and the responder. As a result, Relay Server carefully examines all connection attempts to ensure they are directed towards AIR Console and blocks any connection requests to other destinations. This strict enforcement guarantees that only connections to AIR Console are permitted, thereby providing a secure environment and ensuring that no undesired connections to other addresses occur.
To enable connections to addresses other than the AIR Console, a configuration called "Whitelist" is utilized. By specifying addresses or IP/FQDN patterns in the whitelist, the Relay Server allows communication between clients and the whitelisted addresses. In such cases, the Relay Server acts as a proxy between the client and the whitelisted address, ensuring seamless communication while still maintaining the necessary security measures.
To add or modify the whitelist in the configuration file, you can follow these steps:
Locate the config.yml file: /opt/binalyze/air/relay/config.yml
If the Whitelist field is not present in the file, add it as a YAML array in the following format:
In the Whitelist array, you can include various elements such as IP addresses, fully qualified domain names (FQDNs), FQDNs with wildcards, CIDR notations, IP ranges, or use an asterisk (*) to allow all connections.
The Whitelist elements support the following formats:
IP address: Enter the specific IP address.
FQDN: Provide the fully qualified domain name.
FQDN with wildcard: Use an asterisk (*) as a wildcard character in the domain name.
CIDR: Specify the IP range using CIDR notation.
IP range: Indicate the range of IP addresses using a hyphen (-) between the start and end IP addresses.
FQDN entries in the whitelist are not resolved to IP addresses. Therefore, a destination addressed by IP address instead of its whitelisted FQDN will be denied. Relay Server resolves only the Console Address from the configuration file to IP addresses.
By configuring the whitelist, you can specify the allowed addresses or domains that Relay Server will permit connections to.
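The matching rules above, modeled as an added Python example for checking a planned whitelist before it is deployed. This is not Binalyze's code: the shell-style wildcard matching, the function names, and the sample entries are assumptions constructed for illustration.

```python
import fnmatch
import ipaddress

# Constructed sample whitelist, one entry per documented format.
SAMPLE_WHITELIST = [
    "203.0.113.10",            # IP address
    "updates.example.com",     # FQDN
    "*.internal.example.com",  # FQDN with wildcard
    "10.20.0.0/16",            # CIDR
    "192.0.2.5-192.0.2.20",    # IP range
]


def _as_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def entry_matches(entry, dest):
    """Check one whitelist entry against a destination, without any DNS lookup."""
    entry = entry.strip()
    if entry == "*":
        return True  # allow-all entry: every destination passes
    dest_ip = _as_ip(dest)
    if dest_ip is None:
        # Hostname destination: compared as text (assumed shell-style wildcard).
        return fnmatch.fnmatchcase(dest.lower().rstrip("."), entry.lower())
    # IP destination: FQDN entries are never resolved, so only IP-based entries match.
    if "/" in entry:
        try:
            return dest_ip in ipaddress.ip_network(entry, strict=False)
        except ValueError:
            return False
    lo, sep, hi = entry.partition("-")
    if sep:
        lo, hi = _as_ip(lo.strip()), _as_ip(hi.strip())
        return (lo is not None and hi is not None
                and lo.version == hi.version == dest_ip.version
                and lo <= dest_ip <= hi)
    return _as_ip(entry) == dest_ip


def is_allowed(whitelist, dest):
    """True if any whitelist entry matches the destination host."""
    return any(entry_matches(e, dest) for e in whitelist)
```

In this model, a destination IP address that a whitelisted FQDN happens to point to is still denied unless an IP, CIDR, or range entry covers it, and a single `*` entry makes every destination pass.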
After modifying the config file for Relay Server, it is essential to reload the configuration if Relay Server is already running. To accomplish this, you can use the following systemctl command: