The Environment element defines several network connectivity options.
Use it in the following form:
<environment network="127.0.0.1/8" destination-port="1883" X509-subject="CN=MQTTClient, O=IBM"/>
The environment can be used to define any of the following:
- An IP network that is matched against the IP source address of a connecting client
- A destination port that is matched against the port to which the client wishes to connect
- An X.509 certificate attribute that is matched against an SSL X.509 certificate subject
The network is specified in Classless Inter-Domain Routing (CIDR) format: that is, a normal IP address followed by a slash, then a number from 0 to 32 (the prefix length). If a network is specified without the trailing slash and prefix length, then the network is interpreted as though the IP address were followed by /32, which means that it is interpreted as a single host network address.
The destination port argument allows administrators to create rules that control which micro broker protocol stack clients can connect to. This technique can be used to enforce the use of encryption using SSL/TLS for nominated clients.
When matching the X509-subject, a client that does not provide a certificate always matches.
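The matching rules described above, sketched in Python as an added example; this is not micro broker code. It assumes that every attribute present on the element must match and that the subject is compared as an exact string, neither of which this page states. The function names are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

def parse_environment(xml_text):
    """Parse an <environment> element into a dict of the attributes it sets."""
    el = ET.fromstring(xml_text)
    env = {}
    if "network" in el.attrib:
        # strict=False accepts host bits, as in the page's 127.0.0.1/8.
        # An address with no slash and prefix length becomes a /32 network.
        env["network"] = ipaddress.IPv4Network(el.attrib["network"], strict=False)
    if "destination-port" in el.attrib:
        env["port"] = int(el.attrib["destination-port"])
    if "X509-subject" in el.attrib:
        env["subject"] = el.attrib["X509-subject"]
    return env

def matches(env, source_ip, dest_port, cert_subject=None):
    """Return True if a connection matches the environment.

    Assumption: all attributes present must match (logical AND).
    cert_subject is None when the client presented no certificate.
    """
    if "network" in env and ipaddress.IPv4Address(source_ip) not in env["network"]:
        return False
    if "port" in env and dest_port != env["port"]:
        return False
    if "subject" in env and cert_subject is not None:
        # Only a presented certificate is compared. A client without a
        # certificate always matches the subject, as the page documents.
        if cert_subject != env["subject"]:  # assumption: exact string compare
            return False
    return True

# The page's own element, plus a constructed one with no prefix length.
ENV = parse_environment(
    '<environment network="127.0.0.1/8" destination-port="1883" '
    'X509-subject="CN=MQTTClient, O=IBM"/>')
HOST_ONLY = parse_environment('<environment network="192.0.2.7"/>')

if __name__ == "__main__":
    # Constructed connections: (source IP, destination port, certificate subject)
    for conn in [("127.5.6.7", 1883, "CN=MQTTClient, O=IBM"),
                 ("127.0.0.1", 1883, "CN=Other, O=IBM"),
                 ("127.0.0.1", 1883, None),
                 ("10.0.0.1", 1883, "CN=MQTTClient, O=IBM")]:
        print(conn, "->", matches(ENV, *conn))
```

The third connection is the case to check when reviewing an ACL: an X509-subject attribute does not exclude a client that presents no certificate.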