# Block users automatically at the DMZ level

The DMZ can be configured to reject authentication attempts from invalid users, without needing to request verification from the STENG.

To prevent unauthorized access to the DMZ, a blacklist must be created and added to an internal DMZ directory:

* `wlp/usr/server/dmzgw/dmz/conf/blacklist.users.txt`

A whitelist can also be created and added to the same directory:

* `wlp/usr/server/dmzgw/dmz/conf/whitelist.users.txt`

The file `blacklist.users.txt` contains the usernames or patterns of usernames to be blocked.

The file `whitelist.users.txt` contains usernames or patterns of usernames that are permitted to access the DMZ by bypassing the blacklist, as long as their credentials are correct. The whitelist does not grant access without credentials; it only creates exceptions to the blacklist.\
For example, if the blacklist includes the pattern **prim\***, no users whose usernames start with "prim" will be able to authenticate. However, if it's necessary to allow the user **primeur-prod** to authenticate, this username can be added to the whitelist. This creates an exception to the blacklist, enabling only the user **primeur-prod** to log in.

If a user is on both the blacklist and whitelist, they are allowed to access the system. If a blacklisted user attempts to log in, they will receive a bad credentials error.

In the .txt files:

* Usernames are case-insensitive.
* The \* wildcard stands for any character, any string of characters, or a space.
* Any spaces at the beginning or end of the line are removed.
* Blank lines are removed.

Each line of a .txt file must contain a single username or a single pattern that matches multiple users. For example, `prim\*` represents all usernames that begin with `prim`.

If two or more usernames are listed on the same line of the blacklist, none of them will be blocked.\
For instance, if you list\
`JANEDOE JOHNSMITH`\
on the same line, the system will not block user JANEDOE or user JOHNSMITH from logging in.\
To correctly block both users, enter each username on a separate line, in this way:

`JANEDOE`\
`JOHNSMITH`

No reboot is required after updating the .txt files, but the blacklist and whitelist are not re-read immediately: the system reads them after 60 seconds.
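The following is an added example, not code from the Data Mover product, that models the list semantics described above (trimming, blank-line removal, case-insensitive matching, `*` as a wildcard, whitelist as an exception to the blacklist) so you can check a blacklist before deploying it; the decision order (credentials first, then whitelist over blacklist) is an assumption based on this page, and the list contents are constructed samples.

```python
import re

# Constructed sample list files, not taken from any real deployment.
BLACKLIST_TXT = """
  prim*

JANEDOE JOHNSMITH
Guest
"""
WHITELIST_TXT = "primeur-prod\n"


def parse_list(text):
    """Normalise a list file as the page describes: trim each line,
    drop blank lines, lower-case (usernames are case-insensitive)."""
    return [ln.strip().lower() for ln in text.splitlines() if ln.strip()]


def matches(entry, username):
    """Whole-line match of one entry against a username. '*' stands for
    any run of characters (including spaces); everything else is literal.
    A line such as 'JANEDOE JOHNSMITH' therefore only matches that exact
    string, which is why it blocks neither user on its own."""
    pattern = ".*".join(re.escape(part) for part in entry.split("*"))
    return re.fullmatch(pattern, username.strip().lower()) is not None


def login_allowed(username, credentials_ok, blacklist=BLACKLIST_TXT,
                  whitelist=WHITELIST_TXT):
    """Assumed decision order: credentials are checked first (the whitelist
    never replaces them), then a whitelist hit overrides a blacklist hit."""
    if not credentials_ok:
        return False
    blocked = any(matches(e, username) for e in parse_list(blacklist))
    excepted = any(matches(e, username) for e in parse_list(whitelist))
    return not blocked or excepted


def multi_name_lines(text):
    """Lint helper: report lines that contain internal whitespace, the
    'two usernames on one line' mistake the page warns about."""
    return [e for e in parse_list(text) if re.search(r"\s", e)]


if __name__ == "__main__":
    for user in ("primeur-test", "primeur-prod", "JaneDoe", "guest", "alice"):
        state = "allowed" if login_allowed(user, True) else "blocked"
        print(f"{user:14} -> {state}")
    print("suspicious blacklist lines:", multi_name_lines(BLACKLIST_TXT))
```

Running `multi_name_lines` over a blacklist before copying it to each DMZ gateway catches entries that would silently block nobody.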

**If there are multiple DMZs, a file must be added to each DMZ gateway.**
