I am in the process of creating a Ruby on rails portal
This portal requires a lot of data feeding by the site owner's back-office personnel.
My client has this problem :
the office staff should not be able to access the back office interface from any other than his office computers
I have no idea how to achieve this. Is there a method for this?
Thanks in advance.
Edit:
Is tracking the Mac address a good solution.? is it possible if a ok?
I don't think that you should do anything in rails - this should be configured elsewhere. If rails is running on Apache then see mod_access.
The best way to set this up is to have the app hosted INSIDE the organisation's firewall. Best option - server lives inside the company on a subnet isolated entirely from direct internet access.
If you currently host outside the company, you can set up a firewall that prevents access from unknown IP addresses. You would only accept requests that come from the company's IP ranges. Ideally, you do this at the host/operating system level.
If that can't work, you can do add to your Rails authentication - detect the IP address of the request and if it is not in the company range, prevent access.
found a solution. Using a java applet one can access the machine's hardware details including MAC address. am using this idea.
Related
I'm trying to make my network server online and link it to a system and an application that I designed. However I don't want to make a website to upload the server to. Is this possible? Can I link my server directly to my software and my application via the internet? Thanks.
You can connect to servers with out the world wide web.
Their is for example the Gropher protocol.
Most likely this is not what you are looking for.
If you want to reach your server from the outside you need a public IP address. Your internet provider has to give you one. You could get around this, if you know someone with a public IP who accepts to forward your traffic.
I am trying to view a website using its IP Address, but failed to do so. What am I doing wrong?
The website IP address is provided in the image below.
Do you have a Webuzo or cPanel ?. If you have two IP addresses in one VPS, you have to try parking a secondary IP address in Webuzo or cPanel like parking a domain. I had tried this method if your VPS provider has supported it.
But now for me, my new VPS provider does not support it. I do not know why they do not support it ?. I have a feeling that my old VPS provider uses SolusVM and SolusVM has made default network so that we can park a secondary IP address in Webuzo or cPanel.
I also ask about that in this forum to build manually in CentOS 7 so that I can try parking a secondary IP address in Webuzo. I also hope get the answer in this forum.
If you are using cPanel then you can access it as IP/~cpanelusername
If you can provide more details regarding your webserver then it will help. Also, is the IP shared for other services?
is it a dedicated IP assigned to the website ? if so you should be able to access the website with the IP provided its a dedicated IP assigned to it.
I have a website running on a Linode server, so far so good. This website has an auth system built on top of devise. Users can login, do their stuff and be happy.
For the admin area (still programming) I want to have a secure VPN connection to access the data, because the admins will have access to all kinds of information from the users. I was thinking about a direct connection between their computers to the website.
The problem is that I didn't found a way to integrate VPN in a rails application and I don't have a clue of how this works outside a rails app.
Please, I really need to get this done.
OpenVPN is a setup that needs to be done on the server, and has got nothing to do with Rails. AFAIK you cant restrict a part of the web-app to be accessible only over VPN, unless ofcourse, you have a different web-app for such admin area, bind it/run it on a different IP, which is accessible only through VPNs like these.
An ideal setup would be.
x.x.x.x:80 - Public Web-App used by Users.
y.y.y.y:MNOP - Private Secure Web-App used by Admins
VPN access to y.y.y.y network over secure SSL Tunnel using Open VPN.
Refer: https://openvpn.net/index.php/open-source/documentation/howto.html to know how to setup VPN. Or else, there are lots of tutorials out there to help you out.
I'm trying to deploy my Reporting Services application to a remote site. I'm using url access and I want to impersonate a user based on an ip address range.
Is this possible?
Maybe by putting some firewall rules between the reports server and the client you could stop deny/allow certain ip addresses, but i've never come across anything like that built into reporting services
There isn't anything like that built into Reporting Services. But I can think of a couple of alternatives.
Usually the Reporting Services website and web service are running under IIS. You can configure IIS to block access by IP address. Depending on what version of IIS you are using, the instruction may vary. I would just google it. This would be the easiest way in my opinion.
First thing to note is that I haven't tested the second way, it is just an idea. Since the Reporting Services website and web service run under Asp.Net, in theory you could create a custom IHttpModule and add it to the web.config. Hanselman has an nice article about coding up such a IHttpModule and configuring the web.config here.
This is an old post, but we are trying to do the same thing. Firewall is the way to do it - SSRS doesn't use IIS, so it isn't possible through IIS.
We have 2 subnets (VLAN1 and VLAN2). TFS is installed on server with both network interfaces .
Domain controller is up for all subnets.
VLAN1 is main office with many computers (and users). VLAN2 in highly secured area for developers only.
VLAN1 users use TFS for posting bugs, viewing progress etc. VLAN2 users use it at full.
The problem is - to restrict access to sources from VLAN1 even for developer user accounts.
Denying access to TFS from VLAN1 for developer users - is valid answer too, but i do not know how((
Any ideas??
EDIT - From comment to answer from #Robaticus
The point is to restrict reading sources from outside.
If you block (at the network) port 8080 (the default), users won't have access to TFS through Team Explorer, only through the website at port 8090 (also the default).
Valid users would still be able to view source through the web portal, but would not be able to update it.
EDIT
Based on the requirement to restrict reading of sources from people outside, if you first do what was mentioned above (blocking 8080), you could always secure the directories for the source control under Team System Web Access. This might be a little ugly (giving 401 errors), but it might work.
It looks like the directory that would need to be secured is under the website:
Team System Web Access->UI->Pages->Scc
This would remove source code browsing from the Web UI for everyone, though. In my opinion, that wouldn't be a real problem, as this function likely gets used only rarely.