Predefined and user-defined allowlists

For a predefined allowlist, commands with these extensions under the listed folders can be run:

  • Windows extensions
    • exe
    • bat
    • cmd
  • Linux/UNIX extensions
    • pl
    • sh
    • htc
    • no extension
  • Folders
    • %HCIROOT%/bin
    • %HCIROOT%/sbin
    • %HCIROOT%/clgui/bin
    • %HCIROOT%/clgui/java/bin
    • %HCIROOT%/tcl/bin
    • %HCIROOT%/clgui/bin/misc

User-defined allowlist

The Server Administration > Host Server tab has a Allowlist tab. This is where you can create a user-defined allowlist. You must select a site before configuring it, since the user-defined allowlist is site-specified.

The ACL Role Manager has an allowlist node under the config node at the root level. This controls the permissions of allowlist access through CLAPI and Server Administration.

You must restart the Host Server after removing allowlist commands if the CLAPI is not enabled. This is because the host server and Server Administration are not in the same JVM.

Allowlist commands are stored in an encrypted SQLite database. The allowlist.db database file is installed under %HCIROOT%/siteName/conf/.