restrict access by matching a static ip address
Moderator: General Moderators
restrict access by matching a static ip address
Hi all,
our team have developed a web application to a particular company.that company is accessing the web application.That company maintain a static ip to log in.They have multiple computers in side that static ip address.Users can login to the system using their user name & passwords at any time & from any where.
So company management wants to allow their users to log to the system when they comes from their company static ip address. It means they cannot access to the system from outside of the company.So can i get the company static ip address from the login page????.
This what i have been thinking.....
Store the static ip address in the users table and match the ip address with the ip address got from the login page...
So to that i need to get ip address from login page.
any idea would be great.
Thanks in advance.......
our team have developed a web application to a particular company.that company is accessing the web application.That company maintain a static ip to log in.They have multiple computers in side that static ip address.Users can login to the system using their user name & passwords at any time & from any where.
So company management wants to allow their users to log to the system when they comes from their company static ip address. It means they cannot access to the system from outside of the company.So can i get the company static ip address from the login page????.
This what i have been thinking.....
Store the static ip address in the users table and match the ip address with the ip address got from the login page...
So to that i need to get ip address from login page.
any idea would be great.
Thanks in advance.......
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: restrict access by matching a static ip address
$_SERVER['REMOTE_ADDR'] ?
Do they want some sort of 'remember me' option with this? I don't quite understand what they have in mind
Do they want some sort of 'remember me' option with this? I don't quite understand what they have in mind
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Re: restrict access by matching a static ip address
.htaccess
[text]order deny,allow
deny from all
allow from 11.22.33.44[/text]
[text]order deny,allow
deny from all
allow from 11.22.33.44[/text]
There are 10 types of people in this world, those who understand binary and those who don't
Re: restrict access by matching a static ip address
Thanks All,
social_experiment
yes,some sort of 'remember me' option.
VladSun
So i cannot allow access the server to only one ip address
Any help.......
thanks in advance.......
social_experiment
They want to restrict all the users,who are not coming from their company ip address.means users cannot access the system from different locationssocial_experiment wrote:$_SERVER['REMOTE_ADDR'] ?
Do they want some sort of 'remember me' option with this? I don't quite understand what they have in mind
yes,some sort of 'remember me' option.
VladSun
Problem is,in my server there is another system running.Actually two systems & different users & different companies.VladSun wrote:.htaccess
[text]order deny,allow
deny from all
allow from 11.22.33.44[/text]
So i cannot allow access the server to only one ip address
Any help.......
thanks in advance.......
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: restrict access by matching a static ip address
For a "remember me" option you will need an additional check, something like a cookie.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Re: restrict access by matching a static ip address
Just a note that IPs can be spoofed relatively easily, so this restriction should not be considered a valid security measure.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Re: restrict access by matching a static ip address
Thanks all,
But the company people wont listen to this.....
But can u tell me how can i get the ip address from the index page.......
Thanks in advance....
Yes i know pickle,pickle wrote:Just a note that IPs can be spoofed relatively easily, so this restriction should not be considered a valid security measure.
But the company people wont listen to this.....
social_experiment wrote:For a "remember me" option you will need an additional check, something like a cookie.
But can u tell me how can i get the ip address from the index page.......
Thanks in advance....
Re: restrict access by matching a static ip address
http://httpd.apache.org/docs/1.3/mod/mod_access.htmlishakya wrote:VladSunProblem is,in my server there is another system running.Actually two systems & different users & different companies.VladSun wrote:.htaccess
[text]order deny,allow
deny from all
allow from 11.22.33.44[/text]
So i cannot allow access the server to only one ip address
Any help.......
thanks in advance.......
Summary
The directives provided by mod_access are used in <Directory>, <Files>, and <Location> sections as well as .htaccess files to control access to particular parts of the server.
There are 10 types of people in this world, those who understand binary and those who don't
Re: restrict access by matching a static ip address
You can just insert this .htaccess rule in the subdirectory where the site for just that one company is located. It will protect that particular directory + any subdirectories inside it.ishakya wrote: VladSunProblem is,in my server there is another system running.Actually two systems & different users & different companies.VladSun wrote:.htaccess
[text]order deny,allow
deny from all
allow from 11.22.33.44[/text]
So i cannot allow access the server to only one ip address
(in the unlikely case that you're hosting two different sites in the same subdir: fix that first
Re: restrict access by matching a static ip address
thanks all for your support...
But i didn't get much of that....
can u explain it more please.......
Because I'm new with php & related stuff
So any explanations will be an advantage...
thanks in advance.....
But i didn't get much of that....
can u explain it more please.......
Because I'm new with php & related stuff
So any explanations will be an advantage...
thanks in advance.....
Re: restrict access by matching a static ip address
It's not PHP - it's Apache config.
Just create a .htaccess file in the root directory of the site you want to protect and write the lines I gave you above - change the IP, of course.
Also you have to be sure that .htaccess file rules are permitted by using http://httpd.apache.org/docs/1.3/mod/co ... owoverride
Just create a .htaccess file in the root directory of the site you want to protect and write the lines I gave you above - change the IP, of course.
Also you have to be sure that .htaccess file rules are permitted by using http://httpd.apache.org/docs/1.3/mod/co ... owoverride
There are 10 types of people in this world, those who understand binary and those who don't
Re: restrict access by matching a static ip address
thanks vladsun,
but can u tell me how to create a .htaccess file????
thanks in advance
but can u tell me how to create a .htaccess file????
thanks in advance
Re: restrict access by matching a static ip address
As usual?!? Nothing special about it.
There are 10 types of people in this world, those who understand binary and those who don't
- flying_circus
- Forum Regular
- Posts: 732
- Joined: Wed Mar 05, 2008 10:23 pm
- Location: Sunriver, OR
Re: restrict access by matching a static ip address
I have found that windows wont let you save a file without a name. I have to create a.htaccess, upload the file, then rename it to .htaccessVladSun wrote:As usual?!? Nothing special about it.