The yaSSL Open Source Embedded Web Server supports Access Control Lists. An Access Control List (ACL) allows restrictions to be put on the list of IP addresses which have access to the web server. In the case of the yaSSL Embedded Web Server, the ACL is a comma separated list of IP subnets, where each subnet is prepended by either a ‘-’ or a ‘+’ sign. A plus sign means allow, where a minus sign means deny. If a subnet mask is omitted, such as “-18.104.22.168”, this means to deny only that single IP address.
Subnet masks may vary from 0 to 32, inclusive. The default setting is to allow all, and on each request the full list is traversed – where the last match wins.
The ACL can be specified either at runtime, using the -acl option, or by using “acl” in the config file. For example, to allow only the 192.168.0.0/16 subnet to connect, you would run the following command:
./yasslEWS -acl -0.0.0.0/0,+192.168.0.0/16
The ACL can also be set in the web server config file. Using the example above, the config file line would be:
# acl -0.0.0.0/0,+192.168.0.0/16
To learn more about subnet masks, see the Wikipedia page on Subnetwork (http://en.wikipedia.org/wiki/Subnetwork), or here (http://wiki.xtronics.com/index.php/IP_Subnet_Masks).