Security Groups

Recruitment Marketing Public

Introduction

Security Groups can be used to restrict content to specified network addresses and ranges. Once security groups have been defined, they can be applied to content at the campaign level. The security groups can be accessed via Company Settings, then Security groups.

Creating a security group

  1. From the side menu, under Company click Settings.
  2. Under Security click Security groups.
  3. Click Manage Security Groups.
  4. Click the New button.
  5. Enter a Name.
  6. Click the Save button.
    The new security group will be displayed in the Security Groups list.

You now need to add network rules to the group.

Creating security rules

  1. Click the new security group Name. This will list all the rules of the group (none at present).
  2. Click the New button.
  3. Insert a valid CIDR address or network range.
    For more information on the CIDR format refer to Classless Inter-Domain Routing.
    If you are unsure of the correct CIDR rules for your own network environment or business case, contact your local internal network administrator. IPV4 and IPV6 CIDRs are accepted.
  4. Click the Save button.
    The new rule will be displayed in the listing.
  5. Add more rules as required to a security group. The rules can overlap with other rules in any other security groups you may have defined.

Using security groups

Once your security groups are defined, they can be applied at a campaign level. By default, all published content on a campaign is publicly visible.

To restrict the content of a campaign to a security group:

  1. From the side menu, under Content click Web Pages.
  2. Click the Name of the relevant campaign.
  3. From the top right, click the Edit icon.
  4. From the Security Group drop down, select the relevant group.
  5. Click the Save button to keep the settings.

All published content is now restricted to that security group. Any users outside the security groups network rules will be presented with a HTTP 403 error page, indicating that they are forbidden from viewing or interacting with the content

Using security groups with search engines

Occasionally, there is a customer request to create a page which is publicly accessible but not automatically crawled by search engine bots.

Any page belonging to a security group enabled web campaign will be excluded from a career site's sitemap.xml endpoint, and will have a robots meta tag added to it. Well behaving search engines look at a site's sitemap.xml to learn about all of its pages. It will search for the robots meta tag to see if they should index the page or follow links on it. To prevent search engines from doing this:

  1. Create a security group with one CIDR with a value of 0.0.0.0/0. This is a special case CIDR which indicates anyone can view the page.
  2. Edit the page's web campaign and set the security group.
  3. Visit the career site's sitemap.xml e.g. https://careers.<yoursite>.com/sitemap.xml and observe that the page is not listed. The following meta tag is added to the top of the page:
    <meta name="robots" content="noindex,nofollow">

Comments

0 comments

Article is closed for comments.