Available Security configurations in NATS allow the program owner to ensure security of their Admins, Affiliates, and Members. Available Configurations in NATS include restrictions on Admin IPs, Encryption of emails and/or other personal data, and Throttling to restrict hits to the same page multiple times from the same IP address. All of these Configurations are found within the NATS Configuration Admin under the section "Security".
IP restrictions are set within area labeled "Admin IPs". These restrictions include the configuration variables, ADMIN_IPS and ADMIN_API_ALLOWED_IPS. Each of these configuration variables accepts a list of IP addresses separated by commas(,). If you leave a configuration variables blank, all IP addresses will be allowed for that setting.
- ADMIN_IPS - This restricts access to the Admin area pages in your installation to the list of IP addresses provided. Anyone attempting to use an Admin page outside of the list will be redirected back to the main Affiliate page.
- ADMIN_API_ALLOWED_IPS - This restricts what IP addresses can utilize/access the NATS API of your installation. Setting this will ensure only approved IPs can use this feature.
Encrypting Membership or Affiliate data is set within the area labeled "Data Encryption". This section includes options to encrypt Membership email, password, firstname, lastname. This area also has options to encrypt Affiliate email, information, and payment information. Turning these configurations on will tell NATS encrypt this data moving forward. If you need any old information encrypted, please put in a support ticket with us here.
Throttling allows for you to set limitations on how often a particular page can be accessed within a given time period. The pages that include this restriction are the Membership approval page, upgrade plus, upsell plus, token plus, package plus, cancel plus, the duplicate page, verifyplus, signupplus, and the Membership Password retrieval page. Each of these pages include settings which you can set to the degree with which this feature is active, the number of attempts you wish to allow, and the time in seconds you want NATS to check for duplicate requests. In addition to these settings you can set
THROTTLE_WHITE_LIST_IPS and THROTTLE_BLACK_LIST_IPS which are lists of IP addresses that respectively allow to skip checks entirely or fail checks immediately.
Further details on Security configuration options can be found in our online documentation here. Further information on setting up and configuring Throttling can be found here.