Using filtering rules

Filtering rules is a feature that allows you to control who can access a particular published resource. Each rule consists of one or several criteria for matching against user connections. In turn, each criteria consists of one or several specific objects that can be matched.

You can match the following objects:

  • User, a group the user belongs to, or the computer the user connects from.
  • Secure Gateway the user connects to.
  • Client device name.
  • Client device operating system.
  • Theme.
  • IP address.
  • Hardware ID. The format of a hardware ID depends on the operating system of the client.

Notice the following about the rules:

  • Criteria are connected by the AND operator. For example, if a rule has a criteria that matches certain IP addresses and a criteria that matches client device operating systems, the rule will be applied when a user connection matches one of the IP addresses AND one of the client operating systems.
  • Objects are connected by the OR operator. For example, if you only create a criteria for matching client device operating systems, the rule will be applied if one of the operating systems matches the client connection.
  • The rules are compared to a user connection starting from the top. Because of this, the priority of a rule depends on its place in the rule list. Parallels RAS will apply the first rule that matches the user connection.
  • The default rule is used when no other rule is matched. You can set it to either Allow or Deny (see below), but no criteria is available for this rule.

To create a new rule:

  1. Navigate to Publishing.
  2. Click the resource that you want to create a rules for.
  3. In the middle pane, select Filtering.
  4. Click Edit.
  5. Click the plus sign.
  6. Specify the name and optional description for the rule.
  7. Specify criteria for the rule. You will find the following controls:
    • Allow: specifies that the resource must be accessible when a user connection matches the criteria. Click Allow to change it to Deny.
    • Deny: specifies that the resource must be inaccessible when a user connection matches the criteria. Click Deny if to change it to Allow.
    • (+): adds a new criteria. If you want to match a Secure Gateway, a client device name, a client device operating system, a Theme, an IP address, or a hardware ID, click (+).
    • (X): Deletes a specific object from matching. For example, you want to delete IP address 198.51.100.1 from matching, click (X) next to it.
    • is: specifies that the resource must be accessible (or inaccessible, per Allow and Deny) when a user connection matches the criteria. Click is to change it to is not. This control appears when at least one object is added.
    • is not: specifies that the resource must be inaccessible (or accessible, per Allow and Deny) when a user connection does not match the criteria. Click is not to change it to is. This control appears when at least one object is added.

    You can disable and enable criteria by clicking on the switch to the left of it.

  8. Click Save when done.
Was this topic helpful?