The OCSP access control module allows you to restrict the access of OCSP service based on the following options:
Open access for everyone
Using TLS client certificates to authenticate clients
Using OCSP request signing to authenticate clients
Using IP address checking to authenticate clients
The last three options above can be used simultaneously if required.
The following screen shows the configurations which can be made:
The configuration items are as follows:
|Allow open access||If this option is enabled, it allows open access and all requests are accepted.|
|Allow access based on TLS client certificates||This option has two sub-filters:
|Allow access based on requests being signed||This option is used when the OCSP request message is signed by the requestor (OCSP client). It has two sub-filters:
|Allow access based on IP addresses||This option allows you to include the list of IP addresses to allow or deny. Wildcards * can be used.
Also, choosing the option Allow access based on IP addresses and clicking Add/Edit button will show the following screen where filtering can be performed based on IP Address: