Sahi Documentation

Restrict Remote Access to Sahi

Restrict Remote Access

Configure IP addresses to Restrict Remote Access

abstractSince Sahi Pro v9.0.0, now users are allowed to restrict remote access by adding the list of IP in whitelist and blacklist.
Sahi Pro now allows users to restrict remote access by adding the list of IP in allow and deny list.
For allowing the access of any IP, user need to add list of IP in sahi.xxx.remote_access.ip.allow
and for denying the access of any IP, user need to add list of IP in sahi.xxx.remote_access.ip.deny.
This feature is added since Sahi Pro v9.0.0.
info Set the following property sahi.remote_access.ip.restrictions.enabled to true in order to use below mentioned IP restrictions related properties. Setting this to false will remove all below restrictions and allow access from any machine.
For all these properties
info After doing any change in userdata_hidden.properties, user need to restart Sahi.
Follow the below instructions to use these properties.
  1. sahi.master.remote_access.ip.allow and sahi.master.remote_access.ip.deny
    • Master: IPs specified here can access and use this machine as a Master.
    • Master role is responsible for triggering execution on itself and its Slave nodes.
    • The IP of the Initiator, or Jenkins machine should be in the allow list.
  2. //Examples to allow the access
    //'*' remote master access is allowed for all IP address.
    sahi.master.remote_access.ip.allow=*;
    //'*' wildcard for last part (octet) of IP address is allowed for remote master access.
    sahi.master.remote_access.ip.allow=192.168.1.*;
    // remote master access is allowed only for 192.168.1.143.
    sahi.master.remote_access.ip.allow=192.168.1.143;
    // remote master access is allowed only for the range [0-255] of IP address.
    sahi.master.remote_access.ip.allow=192.168.1.[0-255];
    
    //Examples to deny the access
    //'*' all the Sahi is restricted for remote master access.
    sahi.master.remote_access.ip.deny=*;
    //'*' wildcard for last part (octet) of IP address is restricted for remote master access.
    sahi.master.remote_access.ip.deny=192.168.1.*;
    // restriction for remote master access is only for 192.168.1.143.
    sahi.master.remote_access.ip.deny=192.168.1.143;
    // restriction for remote master access is only for the range [0-255] of IP address.
    sahi.master.remote_access.ip.deny=192.168.1.[0-255];


  3. sahi.slave.remote_access.ip.allow and sahi.slave.remote_access.ip.deny
    • Slave: IPs specified here can access and use this machine as a Slave node in distributed playback.
    • The IP of the Master should be in the allow list.
  4. //Examples to allow the access
    //'*' remote slave access is allowed for all IP address.
    sahi.slave.remote_access.ip.allow=*;
    //'*' wildcard for last part (octet) of IP address is allowed for remote slave access.
    sahi.slave.remote_access.ip.allow=192.168.1.*;
    // remote slave access is allowed only for 192.168.1.143.
    sahi.slave.remote_access.ip.allow=192.168.1.143;
    // remote slave access is allowed only for the range [0-255] of IP address.
    sahi.slave.remote_access.ip.allow=192.168.1.[0-255];
    
    //Examples to deny the access
    //'*' all the Sahi is restricted for remote slave access.
    sahi.slave.remote_access.ip.deny=*;
    //'*' wildcard for last part (octet) of IP address is restricted for remote slave access.
    sahi.slave.remote_access.ip.deny=192.168.1.*;
    // restriction for remote slave access is only for 192.168.1.143.
    sahi.slave.remote_access.ip.deny=192.168.1.143;
    // restriction for remote slave access is only for the range [0-255] of IP address.
    sahi.slave.remote_access.ip.deny=192.168.1.[0-255];


  5. sahi.configuration.remote_access.ip.allow and sahi.configuration.remote_access.ip.deny
    • Configuration: IPs specified here can change configurations of Sahi on this machine.
    • The IP of Manager or Master should be in the allow list.
  6. //Examples to allow the access
    //'*' remote configuration access is allowed for all IP address.
    sahi.configuration.remote_access.ip.allow=*;
    //'*' wildcard for last part (octet) of IP address is allowed for remote configuration access.
    sahi.configuration.remote_access.ip.allow=192.168.1.*;
    // remote configuration access is allowed only for 192.168.1.143.
    sahi.configuration.remote_access.ip.allow=192.168.1.143;
    // remote configuration access is allowed only for the range [0-255] of IP address.
    sahi.configuration.remote_access.ip.allow=192.168.1.[0-255];
    
    //Examples to deny the access
    //'*' all the Sahi is restricted for remote configuration access.
    sahi.configuration.remote_access.ip.deny=*;
    //'*' wildcard for last part (octet) of IP address is restricted for remote configuration access.
    sahi.configuration.remote_access.ip.deny=192.168.1.*;
    // restriction for remote configuration access is only for 192.168.1.143.
    sahi.configuration.remote_access.ip.deny=192.168.1.143;
    // restriction for remote configuration access is only for the range [0-255] of IP address.
    sahi.configuration.remote_access.ip.deny=192.168.1.[0-255];


  7. sahi.reports.remote_access.ip.allow and sahi.reports.remote_access.ip.deny
    • Reports: IPs specified here can access reports on this machine. This is needed on the machine which is configured as Central DB.
    • IPs/IP ranges of machines of various business stake holders (developer, tester, manager etc.) can be added
    • Reports profile does not impact on Reports syncing feature.
  8. //Examples to allow the access
    //'*' remote reports access is allowed for all IP address.
    sahi.reports.remote_access.ip.allow=*;
    //'*' wildcard for last part (octet) of IP address is allowed for remote reports access.
    sahi.reports.remote_access.ip.allow=192.168.1.*;
    // remote reports access is allowed only for 192.168.1.143.
    sahi.reports.remote_access.ip.allow=192.168.1.143;
    // remote reports access is allowed only for the range [0-255] of IP address.
    sahi.reports.remote_access.ip.allow=192.168.1.[0-255];
    
    //Examples to deny the access
    //'*' all the Sahi is restricted for remote reports access.
    sahi.reports.remote_access.ip.deny=*;
    //'*' wildcard for last part (octet) of IP address is restricted for remote reports access.
    sahi.reports.remote_access.ip.deny=192.168.1.*;
    // restriction for remote reports access is only for 192.168.1.143.
    sahi.reports.remote_access.ip.deny=192.168.1.143;
    // restriction for remote reports access is only for the range [0-255] of IP address.
    sahi.reports.remote_access.ip.deny=192.168.1.[0-255];


  9. sahi.reports_sync.remote_access.ip.allow and sahi.reports_sync.remote_access.ip.deny
    • Reports Sync: IPs specified here can sync their reports to this machine.
    • This is needed on the machine which is configured as Central DB.
    • The IP of Master should be in the allow list.
  10. //Examples to allow the access
    //'*' All IP address can sync their reports to this machine.
    sahi.reports_sync.remote_access.ip.allow=*;
    //'*' wildcard for last part (octet) of IP address is allowed to sync their reports.
    sahi.reports_sync.remote_access.ip.allow=192.168.1.*;
    // Only 192.168.1.143 can sync its reports to this machine..
    sahi.reports_sync.remote_access.ip.allow=192.168.1.143;
    // All IPs address between 192.168.1.0 to 192.168.1.255 can sync their reports to this machine.
    sahi.reports_sync.remote_access.ip.allow=192.168.1.[0-255];
    
    //Examples to deny the access
    //'*' No IP address can sync their reports to this machine.
    sahi.reports_sync.remote_access.ip.deny=*;
    //'*' wildcard for last part (octet) of IP address is restricted to sync their reports.
    sahi.reports_sync.remote_access.ip.deny=192.168.1.*;
    // 192.168.1.143 can not sync its reports to this machine.
    sahi.reports_sync.remote_access.ip.deny=192.168.1.143;
    // All IPs address between 192.168.1.0 to 192.168.1.255 can not sync their reports to this machine.
    sahi.reports_sync.remote_access.ip.deny=192.168.1.[0-255];


  11. sahi.mobile_execution.remote_access.ip.allow and sahi.mobile_execution.remote_access.ip.deny
    • Mobile Execution: IPs of Mobile Devices specified here can use this machine as their Sahi proxy.
    • This is needed for Mobile Web automation on Mobile device.
  12. //Examples to allow the access
    //'*' IPs of all Mobile Devices can use this machine as their Sahi proxy.
    sahi.mobile_execution.remote_access.ip.allow=*;
    //'*' wildcard for last part (octet) of IP address is allowed for remote proxy access.
    sahi.mobile_execution.remote_access.ip.allow=192.168.1.*;
    // remote proxy access is allowed only for 192.168.1.143.
    sahi.mobile_execution.remote_access.ip.allow=192.168.1.143;
    // remote proxy access is allowed only for the range [0-255] of IP address.
    sahi.mobile_execution.remote_access.ip.allow=192.168.1.[0-255];
    
    //Examples to deny the access
    //'*' IPs of any Mobile Devices can not use this machine as their Sahi proxy.
    sahi.mobile_execution.remote_access.ip.deny=*;
    //'*' wildcard for last part (octet) of IP address is restricted for remote proxy access.
    sahi.mobile_execution.remote_access.ip.deny=192.168.1.*;
    // restriction for remote proxy access is only for 192.168.1.143.
    sahi.mobile_execution.remote_access.ip.deny=192.168.1.143;
    //restriction for remote proxy access is only for the range [0-255] of IP address.
    sahi.mobile_execution.remote_access.ip.deny=192.168.1.[0-255];


  13. sahi.remote_access.ip
    • Full Remote Access: This property will make all the Sahi features (master, slave, configuration, reports and mobile execution etc.) available to given IPs. This overrides all other settings for the specified IPs.
    • Do not put the IPs here for which any/ some of the Sahi features needs to be denied.

Configure login Restrict Remote Access

abstract Any user on the network (if IP is allowed to access the resource) could access Sahi Pro via web browser and modify its configuration and settings.
This feature helps prevent other remote machines from directly accessing the Logs and Configuration of the host machine. Since Sahi Pro v6.2.0
To restrict remote machines from accessing Sahi Pro:
  1. Open Dashboard --> Configure --> Configure Users
  2. Check the checkbox "Enable Login"
  3. Admin login can restrict configuring Sahi as well as to sync and delete Sahi reports.
  4. User login is the subset of Admin and can restrict the access to Sahi reports.
  5. The default password for user is "password" and for admin is "admin".
Enabling the login feature will add a level of authentication before other people can access your configurations and reports. This will not affect distributed playbacks.

When users try to access restricted areas of Sahi Pro, they will be prompted with a login dialog.

Allow Access to Restricted Sahi Pro

admin/password is the default User/password combination. User can change the password for admin.

The remote machine has to login again if the host machine has restarted Sahi.