IP pinning check

The IP pinning check verifies whether IP pinning is activated. IP pinning means that a session is bound to the IP address of the client. If the IP address changes during an existing session (e.g. due to a proxy hop or a network change), the session becomes invalid and the user must re-authenticate.

If IP pinning is activated, an attacker cannot directly reuse intercepted session information from a different IP address.

Procedure for protection

IP pinning can be activated in the configuration file KARAF/etc/de.virtimo.bpc.core.cfg.

To do this, set the option ipPinningCheck to true. When an HTTP proxy is used, the name of the header that carries the original client IP address must also be configured, because the server otherwise only sees the proxy's address. This header is typically X-Forwarded-For.

Example KARAF/etc/de.virtimo.bpc.core.cfg
de.virtimo.bpc.core.ipPinningCheck = true
de.virtimo.bpc.core.ipPinningCheck.httpHeader = X-Forwarded-For
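The following is an added example, not BPC's own code, that models how a check configured as above behaves: the IP recorded at login is compared with the effective client IP of each request, and when a proxy header is configured, its leftmost entry (the original client) is used instead of the proxy's address. The names Session, effective_client_ip and ip_pinning_check are hypothetical, and the sample addresses are constructed.

```python
# Added example (not BPC's own code): a minimal model of an IP pinning check.
# Session, effective_client_ip and ip_pinning_check are hypothetical names.
from dataclasses import dataclass
from typing import Mapping, Optional


@dataclass
class Session:
    session_id: str
    user: str
    bound_ip: str  # client IP recorded when the session was created


def effective_client_ip(remote_addr: str, headers: Mapping[str, str],
                        http_header: Optional[str] = None) -> str:
    """Return the IP address the pinning check compares against.

    Without a configured proxy header this is the TCP peer address. With one
    (e.g. X-Forwarded-For) the leftmost entry is the original client; proxies
    append their own hop addresses to the right. The header should only be
    honoured on requests that really arrive via the trusted proxy.
    """
    if http_header:
        lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
        first = lowered.get(http_header.lower(), "").split(",")[0].strip()
        if first:
            return first
    return remote_addr


def ip_pinning_check(session: Session, remote_addr: str, headers: Mapping[str, str],
                     enabled: bool = True, http_header: Optional[str] = None) -> bool:
    """True if the request may continue with this session; False means the
    session must be invalidated and the user has to re-authenticate."""
    if not enabled:
        return True
    return effective_client_ip(remote_addr, headers, http_header) == session.bound_ip


if __name__ == "__main__":
    # Constructed sample: session created from 203.0.113.7.
    s = Session("s1", "alice", "203.0.113.7")
    # The same session replayed from another address is rejected.
    print(ip_pinning_check(s, "198.51.100.9", {}))  # False
    # Behind a proxy with the header configured, the original client IP is
    # compared rather than the proxy's own address (10.0.0.5).
    print(ip_pinning_check(s, "10.0.0.5",
                           {"X-Forwarded-For": "203.0.113.7, 10.0.0.5"},
                           http_header="X-Forwarded-For"))  # True
```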

The option is activated by default for a new installation.