Phone Lines icon GFI Support Home

Articles in this section

See more

Restricting access to some services in Kerio Connect

Author: Vladyslav Velychko Updated

Overview 

You may wish to setup Kerio Connect functionality in such a way that access is restricted to some services for specific users. For instance, you may wish to allow only CalDAV and CardDAV protocols for Calendar and Contacts Syncing respectively. Alternatively, you may wish to restrict access to any service for any users from a certain IP Address Group. 

Solution

You can accomplish this in two steps; first by creating a User Access policy that defines the restrictions, and then by assigning this policy to the users to which access needs to be restricted. 

Defining the User Access Policy: 

  1. In the administration interface, go to Configuration (Gear Icon). Under the Definitions section, click User Access Policies.
  2. Click Add Policy.

      
  3. Enter a name for the policy, in this example we will call it Only WebDav, CalDav, CardDav.
  4. Click the Add restriction link.        

  5. Select a Protocol from the drop-down menu.
  6. Select the level of access (Allow/Deny/Allow only to). In this example, we will allow WebDAV, CalDAV, and CardDAV protocol only for the local client's IP address group. All other protocols should be denied. You can add multiple restrictions.
    user_access_policy.png
  7. Set access for the remaining (unselected) protocols.
  8. Click Apply.
  9. To remove a restriction, select it and click Remove.
  10. To remove a policy, select it and click Remove.
  11. (Optional) If you want to disable mail server communication server-wide and leave only one specific service, i.e. HTTPS, stop the necessary services accordingly. For more information, please refer to Kerio Connect Services.
    only_https.png

 

Assigning Policies to Users

  1. In the administration interface, go to Accounts > Users.
  2. Double-click a user and go to the Rights tab.
  3. Select the Access policy from the drop-down list that you created in the previous section. In this example, it was Only WebDav, CalDav, CardDav.
    user_access_policy2.png
  4. Click OK.

Confirmation and Testing

Test if the policy works by logging in as a user and attempt to access the service. 

If any problem regarding services occurs, consult the Debug log by selecting the appropriate message type option (service to be logged):

Service type Debug options
SMTP SMTP Server and SMTP client 
POP3 POP3 Server
IMAP IMAP Server
NNTP NNTP Server
LDAP LDAP Server
HTTP
  • The HTTP Server enables logging of HTTP traffic on the server's side
  • The WebDAV Server Requests option enables logging of queries sent from a WebDAV server, like Calendar or Contacts synchronization through CalDAV or CardDAV protocols
  • The EWS option enables logging of Exchange Web Services requests, communication between the Kerio Connect server and email clients such as Apple Mail and Outlook for Mac
  • The PHP Engine Messages and Kerio Connect Client options might help to solve problems with the Kerio Connect Client interface
  • The KOC Offline Requests option allows viewing the extended output between the Kerio Connect server and Kerio Outlook Connector (Offline Edition), so-called KOFF
XMPP  Instant Messaging and XMPP Server

 

Too many log messages may slow down your server. Once you solve your problem, disable the logging.

 

Related articles