Control Access to GpsGate Server

The AccessFilter plugin makes it possible for you to control which IP addresses can access your GpsGate Server.


This guide explains how you can install and use AccessFilter plugin on GpsGate Server. After installing this plugin, you will be able to restrict access to your GpsGate Server by defining access filters. This can be very useful if you want administrators or devices to be able to access GpsGate Server only from trusted IP addresses.

Filters you create are application and role specific; so you can create different access filters for different roles in each application. This guide will take you through the steps to perform these operations.

How to install or upgrade the plugin
  1. Login to SiteAdmin.
  2. Go to Plugins tab.
  3. Set the Repository URL to http://update.gpsgate.com
  4. Under My Plugins tab, make sure Patch.v4 plugin is installed and up to date.
  5. If you are installing the AccessFilter plugin for the first time, click on Get More Plugins. If you installed this plugin before, and want to upgrade it, you should be able to see it under My Plugins tab.
  6. Download and install AccessFilter.
  7. Navigate to the Security tab in SiteAdmin, you can access the plugin page by clicking “Access Filters” link from the side menu.

If you had already installed the AccessFilter plugin, make sure you have the latest version and that there are no upgrades on the http://update.gpsgate.com repository.

Creating Access Filter Items

Once you get to the AccessFilter plugin page for the first time, the page will tell you that there aren’t any access filter items defined. You can click “Create New” button in the top right of the screen to get to the form, where you can create access filter items in two steps.

Step 1: Creating Access Filter Chain

A chain represents an access filter item which can be assigned to a role in an application. A chain is formed of rules, and it requires a unique name to be identified.

Create Chain

Here, you have to fill in:

  • Name: A unique name to identify the access filter chain.
  • Description (Optional): Description for this chain.
  • Enabled: Whether this chain is active or not. Disabled access filter chains will be ignored.

After you fill in the fields and click “Save”, you are able to proceed with defining access filter rules.

Step 2: Creating Access Filter Rules

A rule is a part of an access filter chain, it specifies which address or address group should be allowed/denied. You can define multiple rules in one chain, and they will be executed in the order they are listed.

When you click “Add New Rule” button, the form below will be displayed.

Create Rule

Here, you have to fill in:

  • Action: Specifies if this rule should Allow or Deny specified address or address group.
  • Scope: Type of address or address group.
  • Address values: The required input in this section changes depending on your choice of Scope in the previous step.
    • For IP Address, you have to specify a single IP address. (Example: 192.168.0.112)
    • For Subnet, you have to specify a base IP address and a subnet mask. (Example: 192.168.0.0/24)
    • For IP Address Range, you have to specify the start and the end of the IP range. (Example: From [192.168.0.0] - To [192.168.0.255])
  • Enabled: Whether this rule is active or not. Disabled rules will be ignored.
  • Note (Optional): Description for this rule.

When you click “Save”, the rule will be recorded as the last rule in the chain. However, you can modify and reorder rules as you wish in the rules list, as seen below:

View Rules

By navigating to access filter main page, you are also able to modify and reorder access filter chain items.

View Chains

Assigning Access Filter Chains To Roles

Now that you created access filter chains and defined access rules under them, you can specify what roles the access filter should apply to. In order to do that, you should follow the steps below:

  1. In SiteAdmin, go to Applications tab. Click Search and Manage.
  2. Click the application for which you want to enable access filter chains.
  3. Scroll down to Privileges and Roles section. Find Plugins node in the privilege tree.
  4. Under Plugins, expand AccessFilter and then _AccessFilter privilege nodes.
  5. Check/Uncheck the access filter chains you want to enable/disable for this application.
  6. Click “Save”. Now the application has the selected access filter items enabled, and they are assigned to _Administrator role automatically.
  7. Login to Vehicle Tracker Application. From main menu, go to “Admin” ⇒ “Roles”.
  8. In Roles window, click on the role you want to assign access filter items to.
  9. Under Privileges, you can assign access filter items to this role in the same way you did for the application.

Enable Chains

How It Works

When a user tries to connect to GpsGate Server, the access filter mechanism first checks what role(s) the user has. The next step is to iterate through all the access filter chains assigned to user’s role(s). The first rule which covers user’s IP address is applied. Therefore, the access is allowed/denied depending on what the first matching rule instructs. If there is no match, the access is denied by default.

Please note that access filter items will be taken into account right after you assign them to a role. Also, if you don’t enable _AccessFilter privilege for a role, access filter mechanism will ignore this role, which means that particular role will always be allowed.

Example Scenarios

The functionality provided by this plugin can be very useful when you want to restrict access to administrators and devices which try to connect to GpsGate Server.

Scenario 1: Restrict access to SiteAdmin

If you want the administrator(s) to be able to log in to SiteAdmin only from a trusted IP address, use AccessFilter plugin to define a chain that includes only one rule:

Scenario 1

After this step, you need to enable the access filter chain for the Site Administration Application application itself. To do that:

  1. Go to Applications tab and click “Search and Manage” from the menu to the left.
  2. Click on the “Site Administration Application” to edit.
  3. Scroll down to Privileges and Roles section. Find Plugins node in the privilege tree.
  4. Enable the chain by checking it, then click “Save”.

Site Admin Chains

Once this access filter chain is enabled for Site Administration Application, only clients with IP address 66.249.64.167 will be allowed to access the SiteAdmin.

Scenario 2: Restrict access of devices

Think of a case where you want the tracking devices to be able send data from a specific IP address range. Also, you want to block one specific IP address in that range.

What you can do here is to define a chain that has two rules (please note the order):

Scenario 2

To enable this access filter chain, please make sure to follow the steps in Assigning Access Filter Chains To Roles section. Once this chain is enabled for _Unit role, devices with IP address: 66.249.64.167 will be denied. All the other devices within IP Range: 66.249.64.0 – 66.249.64.255 will be allowed.

Important Notes
  • Access from the host machine (i.e. localhost) is always allowed, regardless of the access filters defined.
  • Access filters are applied only to connections that use HTTP, TCP or UDP.
  • When you enable an access filter chain for an application, it is assigned to _Administrator role automatically.

  Discuss this blog post on the forum please



Download free GpsGate Server

Install it on your own server. The installation is free for 5 users.

Download Now