I'd like to know if this is possible? I have a client who would like to add a seperate login with IP authentication, however from my understanding most service providers don't generate static IP's for it's users.
How would this work?
Thanks
Check if request.remote_ip is within those addresses matching your requirements.
Related
Is there way to setup access to Cloud Run services via whitelisted IP addresses?
I could not find in documentation beside this Authentication overview
When you deploy a Cloud Run in private mode, the requester have to request the endpoint with a bearer token. This token is checked by Google Front End (GFE), also in charge of managing SSL certificate for example, and it has to reference an account (member, group or service account) that have the role run.invoker on the Cloud Run service.
If you grant this role to AllUsers, the service switch from private to public and anybody can call it without any authentication.
That is for the behavior of Cloud Run, and as you can't customize GFE, IP filtering is not possible directly. You have to add an additional component for performing this filter.
With Cloud Run for Anthos (as propose by Kolban) you can set firewall rules and thus you can perform filtering. But you aren't in the serverless world, you have to manage your cluster, your nodes, your firewall rules, your load balancer,...
Last thing, one of advice of Google is: don't trust the network. Because it's easy to steal and IP address (I don't know how, but for Google it's obvious!!). If you can avoid any infrastructure dependency, it's better!
I am trying to view a website using its IP Address, but failed to do so. What am I doing wrong?
The website IP address is provided in the image below.
Do you have a Webuzo or cPanel ?. If you have two IP addresses in one VPS, you have to try parking a secondary IP address in Webuzo or cPanel like parking a domain. I had tried this method if your VPS provider has supported it.
But now for me, my new VPS provider does not support it. I do not know why they do not support it ?. I have a feeling that my old VPS provider uses SolusVM and SolusVM has made default network so that we can park a secondary IP address in Webuzo or cPanel.
I also ask about that in this forum to build manually in CentOS 7 so that I can try parking a secondary IP address in Webuzo. I also hope get the answer in this forum.
If you are using cPanel then you can access it as IP/~cpanelusername
If you can provide more details regarding your webserver then it will help. Also, is the IP shared for other services?
is it a dedicated IP assigned to the website ? if so you should be able to access the website with the IP provided its a dedicated IP assigned to it.
I want to bind a ip to a user, so that a user can log in using only the user's specific IP. I know Devise might use sessions to controll the authentication.
And my challenge is that I have to consider the case that several users use one specific IP because they are all behind a router, sharing one IP. How can I do to allow a specific IP for several users so that they can log in to my website using only their specific IP?
I have to restrict access to particular URL for an instance which is in VPC. In Security group, we are able to restrict Inbound/Outbound access only through IP address but not based on URL. How to create URL based ACLs in AWS?
Advance thanks for your help.
I'm not aware of any AWS service with this capability. You will need to configure this on the actual web server. Something like an Nginx reverse proxy with allow/deny rules.
I am in the process of creating a Ruby on rails portal
This portal requires a lot of data feeding by the site owner's back-office personnel.
My client has this problem :
the office staff should not be able to access the back office interface from any other than his office computers
I have no idea how to achieve this. Is there a method for this?
Thanks in advance.
Edit:
Is tracking the Mac address a good solution.? is it possible if a ok?
I don't think that you should do anything in rails - this should be configured elsewhere. If rails is running on Apache then see mod_access.
The best way to set this up is to have the app hosted INSIDE the organisation's firewall. Best option - server lives inside the company on a subnet isolated entirely from direct internet access.
If you currently host outside the company, you can set up a firewall that prevents access from unknown IP addresses. You would only accept requests that come from the company's IP ranges. Ideally, you do this at the host/operating system level.
If that can't work, you can do add to your Rails authentication - detect the IP address of the request and if it is not in the company range, prevent access.
found a solution. Using a java applet one can access the machine's hardware details including MAC address. am using this idea.