Block http/https from certain IPs

Hi,
Need advise on how to block http/https traffic from certain IPs. Created an AD group and added the machines to the group and then added a Access Policy to block 3 Protocols but it didn't work.
Any suggestions?

Hi,
In the WSA, you can configure Identity Policy based on the IP/Subnet and use this Identity in an Access policy to restrict access.
1). Go to WSA --> Web Security Manager --> Identities.
2). Create a new Identity and under "Membership Definition" --> "Define Members by subnet" enter the IP addresses.
3). Now go to Access policies, create a new Access policy and select the Identity created above.
4). Now you can go to "Protocols and User Agents" for the policy and block the protocols which you do not want the PC's the use.
-- Do Rate if helpful
Regards,
Kush

Similar Messages

  • How to allow access only from certain IPs?

    I have Portal Server 6.0 on Sun ONE Web Server and want to allow access to it only from certain IPs, i.e. if my IP differs from predefined, then access is denied (no page is opened).
    How can I implement this with minimal efforts?
    Thanks in advance!

    Where did you set the ACLs?
    When webclients connect direct to the portal/ids this is pretty straight forward using htttpacl files. When SRAP GW's are used for Internet portal access the web or app-server never sees the client IP thus those ACLs don't get applied.
    Am I missing something (won't be the first time... or the last:-)
    Cheers,
    -psr

  • Blocking mobile messages from certain mobiles.

    Can anyone tell me how to block mobile messages from a certain mobile source?
    Regards,
    Charlie Blank
    [removed personal information]
    Message Edited by dany_s on 11-12-2008 08:08 PM
    Solved!
    Go to Solution.

    Hi and welcome to the forums!
    You can block in one of two ways:
    1) You call block select types of text traffic. Go to OPTIONS/SECURITY/FIREWALL.
    You can select the type of message traffic to block. This will however block all incoming messages for that
    category. Example if you block SMS traffic, SMS messages from everybody will be blocked
    2) You can call the carrier and have the number blocked as spam. Depending on the amount of messages,
    you may be able to get the carrier to remove the texts from your bill.
    2a) If you use AT&T as a carrier you can block and control messages from the link below. I do not know
    if other carriers offer this service.
    http://mymessages.wireless.att.com/do/mail/settings/sendersControl
    Thanks,
    Please remember to resolve your thread. Put the check mark in the green box that contained your answer! Thanks  
    Click Accept as Solution for posts that have solved your issue(s)!
    Be sure to click Like! for those who have helped you.
    Install BlackBerry Protect it's a free application designed to help find your lost BlackBerry smartphone, and keep the information on it secure.

  • Blocking skype calls from certain parts of the wor...

    Hi, i was wondering if it's possible to configure my router or something to block incoming calls from people in the US calling me in europe while still being able to call people from europe to europe?

    Hello,
    That's not possible - nor necessary. Just adjust your "privacy" parameters
    TIME ZONE - US EASTERN. LOCATION - PHILADELPHIA, PA, USA.
    I recommend that you always run the latest Skype version: Windows & Mac
    If my advice helped to fix your issue please mark it as a solution to help others.
    Please note that I generally don't respond to unsolicited Private Messages. Thank you.

  • I can allow pop-ups from certain sites in Tools/Settings, why then can I not also block pop-ups from certain sites since Firefox doesn't always manage to block them?

    Whenever I visit, for instance, merriam-webster.com an ad from groupon invariably pops up in a new window.
    OK, so Firefox does not manage to block it although I have this option checked in Tools/Settings/Content.
    But why can I not enter the URL of the groupon ad and manually block it?
    I can allow pop-ups from sites of my choice in Tools/Settings/Content, I think I should also be able to block sites?

    See - http://kb.mozillazine.org/Popups_not_blocked

  • Macbook Pro Crawling, noticing connections repeated from certain IPs

    My Mac book Pro has been crawling lately, I have reinstalled and wiped the hard drive, and I am suffering the same problem, particularly on wireless networks, with an SSID. I feel I may have acquired the issue when our network was not initially secured.
    Here is a sample of what is quite common in my log:
    Jul 1 21:55:50 ########-macbook-pro-15 Firewall[38]: Stealth Mode connection attempt to TCP ########.200.200:49955 from 74.125.91.100:80
    Jul 1 21:55:55 ########-macbook-pro-15 Firewall[38]: Stealth Mode connection attempt to TCP ########.200.200:49954 from 74.125.91.100:80
    Jul 1 21:55:55 ########-macbook-pro-15 Firewall[38]: Stealth Mode connection attempt to TCP ########.200.200:49955 from 74.125.91.100:80
    Jul 1 21:57:35 ########-macbook-pro-15 Firewall[38]: Stealth Mode connection attempt to TCP ########.200.200:50067 from 74.125.91.100:80
    Jul 1 21:57:35 ########-macbook-pro-15 Firewall[38]: Stealth Mode connection attempt to TCP ########.200.200:50068 from 74.125.91.100:80
    Jul 1 21:57:35 ########-macbook-pro-15 Firewall[38]: Stealth Mode connection attempt to TCP ########.200.200:50067 from 74.125.91.100:80
    Jul 1 21:57:35 ########-macbook-pro-15 Firewall[38]: Stealth Mode connection attempt to TCP ########.200.200:50068 from 74.125.91.100:80
    Jul 1 21:57:36 ########-macbook-pro-15 Firewall[38]: Stealth Mode connection attempt to TCP ########.200.200:50067 from 74.125.91.100:80
    Jul 1 21:57:36 ########-macbook-pro-15 Firewall[38]: Stealth Mode connection attempt to TCP ########.200.200:50068 from 74.125.91.100:80
    Jul 1 21:57:37 ########-macbook-pro-15 Firewall[38]: Stealth Mode connection attempt to TCP ########.200.200:50067 from 74.125.91.100:80
    Jul 1 21:57:37 ########-macbook-pro-15 Firewall[38]: Stealth Mode connection attempt to TCP ########.200.200:50068 from 74.125.91.100:80
    Jul 1 21:57:39 ########-macbook-pro-15 Firewall[38]: Stealth Mode connection attempt to TCP ########.200.200:50067 from 74.125.91.100:80
    Jul 1 21:57:40 ########-macbook-pro-15 Firewall[38]: Stealth Mode connection attempt to TCP ########.200.200:50068 from 74.125.91.100:80
    Jul 1 21:57:44 ########-macbook-pro-15 Firewall[38]: Stealth Mode connection attempt to TCP ########.200.200:50067 from 74.125.91.100:80
    Jul 1 21:57:44 ########-macbook-pro-15 Firewall[38]: Stealth Mode connection attempt to TCP ########.200.200:50068 from 74.125.91.100:80
    Jul 1 21:57:54 ########-macbook-pro-15 Firewall[38]: Stealth Mode connection attempt to TCP ########.200.200:50074 from 64.233.161.147:80
    Thanks for your help!

    Since I've been trying to connect to my Mac from my windows work machine, I was surprised at how easy it was to access at least my home folder at ftp://[email protected] with just a simple username and password login. If someone thinks they have these items, they may be trying to connect, or perhaps it was a machine that used to be at your IP address.
    Disabling all file-sharing under System Preferences>Sharing along with maintaining your stealth mode (not broadcasting that there is a machine at your IP address) ought to stop any possible attempts. If the continual logging is giving you a problem, try and turn off the logging attempts. That may be a source of your performance crawl as well.

  • Blocking personal identifiers from certain calls

    I am doing research into a cold case crime from the 80's and now want to speak with people who may have some background insight into the perpetrator.
    At the same time, I am reasonably concerned that this suspect might come looking for me, were an interviewee to go back to him with my identifying information (we knew each other in school).
    So, is there a way to set up a different user name and number under my account, such that any of the people I speak to will think they're talking to "John Doe" at 000-555-1234? I understaand I can set up a unique number with Skype for a fee, but there's still the issue of being able to do research safely, under an alias.    Tks!

    flynnmd wrote:
    I am doing research into a cold case crime from the 80's and now want to speak with people who may have some background insight into the perpetrator.
    At the same time, I am reasonably concerned that this suspect might come looking for me, were an interviewee to go back to him with my identifying information (we knew each other in school).
    So, is there a way to set up a different user name and number under my account, such that any of the people I speak to will think they're talking to "John Doe" at 000-555-1234? I understaand I can set up a unique number with Skype for a fee, but there's still the issue of being able to do research safely, under an alias.    Tks!
    You may want to set up another Skype account, a separate account, which is free.  Then you could purchase some Skype Credit for making phone calls.  Don't do anything with the new account for Caller ID, and Skype will either put a phone number that only traces back to Skype, or a series of digits that isn't a real phone number (for example, 000-012-3456).   Unless you need people to call you back, you don't need an Online Number that would allow your Skype account to receive calls from telephones. 
    Of course, if you do this, please make sure to comply with Skype's Terms of Use when making those calls.  You don't want to be the recipient of harassment charges by trying to hide behind the use of Skype.  I'm not a lawyer, nor a Skype employee, but I would consider using a separate account from my "normal" Skype account if I had a need to do something like you mentioned. 
    Patrick
    Location/Ubicacion: Arizona USA
    Time Zone/Hora Local: UTC/GMT -7
    If this message has adequately addressed your issue, please click on the “Accept as Solution” button. If you found a post useful then please "Give Kudos" at the bottom of my post, so that this information can benefit others.
    Si esto mensaje le ha ayudado, por favor haga clic en "Aceptar como solución". Si encuentra un mensaje útil, por favor "Da Kudos" al final del mensaje, por lo que esta información puede beneficiar a otros.
    I am not a Skype employee. No soy un empleado de Skype.

  • It seems that I can't receive emails from certain sites. They are not on the blocked list. How do I fix this?

    No matter what I do I can't receive emails such as newsletters from certain companies. I have looked several times on the blocked list and they are not there. It happened after my computer tech changed me to FireFox. How can I fix this?

    Firefox doesn't do email, it's strictly a web browser.
    If you are using Firefox to access your mail, you are using "web-mail". You need to seek support from your service provider or a forum for that service.
    If your problem is with Mozilla Thunderbird, see this forum for support.
    [http://www.mozillamessaging.com/en-US/support/] <br />
    or this one <br />
    [http://forums.mozillazine.org/viewforum.php?f=39]

  • How to transfer the http request from applet to servlet/jsp

    I use the JTree component to create a navigation of a website,but i don't
    know how to connect the tree's nodes with the jsp/servlet.
    I mean how to transfer the http request from the applet to a jsp.
    I use the "<frameset>" mark which will divide the web browse into 2 blocks.
    The left side is Applet,and the right side is the linked jsp page.
    what I say is as the weblogic console layout.
    who can help me!!!
    Thank You!

    I use the JTree component to create a navigation of a website,but i don't
    know how to connect the tree's nodes with the jsp/servlet.
    I mean how to transfer the http request from the applet to a jsp.
    I use the "<frameset>" mark which will divide the web browse into 2 blocks.
    The left side is Applet,and the right side is the linked jsp page.
    what I say is as the weblogic console layout.
    who can help me!!!
    Thank You!

  • ISA570 Block Non-HTTP Access by FQDN instead of IP Address

    Does anyone know a way to block any access to a site by FQDN instead of its ip address on the ISA500 series devices?  I know you can block website access with Web URL filtering using FQDNs, but what it you want to block non-HTTP traffic to a site that has either multiple IPs or dynamic IPs?  I typically use  Address Management to setup sites that I want to limit or block, but you have to define specific IPs or ranges and that doesn't always work especially if host IPs are dynamic.   Also, host static IPs can change over time so even if you define them in Address Management you have to periodically audit them to make sure they are still correct.
    This is not only an issue with blocking sites, but also in trying to define QoS policies as those use addresses defined in Address Management which again use specific IPs or ranges.  I am just trying to find a more reliable, long term, method of doing these types of management activities on the ISA500 devices.
    Thanks for any advice.

    I am pretty sure you cannot do this on ISA.  I think you could use opendns.com to accomplish blocking non-http sites by FQDN.  You could do blocking and QOS by FQDN  with what Cisco generally considers the replacement for this product, the Meraki MX60.

  • HTTPS connection from emulator

    Hello friends,
    I want to send https request from emulator from my application..
    when I am trying to send HTTPS request from emulator(wtk22's default emulator) it gives error
    javax.microedition.io.ConnectionNotFoundException: TCP open
         at com.sun.midp.io.j2me.socket.Protocol.connect(+99)
         at com.sun.midp.io.ConnectionBaseAdapter.openPrim(+52)
         at com.sun.midp.io.j2me.socket.Protocol.openPrim(+108)
         at com.sun.midp.io.ConnectionBaseAdapter.openPrim(+14)
         at com.sun.midp.io.ConnectionBaseAdapter.openPrim(+8)
         at com.sun.midp.io.j2me.https.Protocol.connect(+167)
         at com.sun.kvem.io.j2me.https.Protocol.connect(+4)
         at com.sun.midp.io.j2me.http.Protocol.streamConnect(+57)
         at com.sun.kvem.io.j2me.https.Protocol.streamConnect(+4)
         at com.sun.midp.io.j2me.http.Protocol.startRequest(+12)
         at com.sun.midp.io.j2me.http.Protocol.sendRequest(+38)
         at com.sun.midp.io.j2me.http.Protocol.sendRequest(+6)
         at com.sun.midp.io.j2me.http.Protocol.getResponseCode(+8)
         at bd.a(+97)
         at cj.run(+155)
    XML Response: null
    * Application is working fine on device/Mobile.......i.e.from mobile i can send https request successfully ...*
    so wts the problem with emulator...can anybody help me?
    Thanks in advance
    Regards,
    Parag

    Could you explain how transport protocol influences certificate exchange during SSL session?

  • Https connection from Provider

    I am creating an https URLConnection from a Provider. I generally use
    com.sun.net.ssl.internal.ssl.Provider from the jsse package. Does anyone
    know which class I should use in the portal environment. I am searching
    through the lib jars and don't see anything yet?

    I just answered my own question by trial and error. You do not have to set
    any Security or System properties, it's already taken care of (I don't know
    where?). Https URLs magically work.
    "James McCartney" <[email protected]> wrote in message
    news:a125vf$[email protected]..
    I am creating an https URLConnection from a Provider. I generally use
    com.sun.net.ssl.internal.ssl.Provider from the jsse package. Does anyone
    know which class I should use in the portal environment. I am searching
    through the lib jars and don't see anything yet?

  • HTTPS connection from servlet to another webserver

    Hi,
    We want to make a https connection from a servlet in weblogic server to another
    web server (not necessarily weblogic). We also need dual authentication. But whenever
    we use URL.openConnection(), it always returns us weblogic's internal https and
    SSL implementation. Since weblogic has no documentation about how to use these
    internal classes, such as how to set trusted server certificate, and how to set
    client certificate (servlet is a client of another web server). We want to use
    jsse, after setting JSSE required system properties, I still get a weblogic's
    httpsURLConnection. Can any of you tell me how to resolve this issue?
    Thanks.
    Xinshi

    Yeah, I'm using JSSE now. Here is what I did:
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provide());
    Provider prov = new SimpleSecureProvider();
    prov.setProperty("SecureRandom.efficient", "test.EfficientSecureRandom");
    Security.insertProviderAt(prov, 1);
    You don't really need the provider stuff to get the example working. I use it
    to get around a quick in JSSE where the random number generator takes 15-30 seconds
    to generate a random sequence at start up.
    SimpleSecureProvider looks like this:
    public class SimpleSecureProvider extends Provider
    public SimpleSecureProvider()
    super("SimpleSecureProvider-", 1.0, "Hack to enable more efficient random
    seed generator");
    test.EfficientSecureRandom is bascially an exact copy of Sun's SecureRandom.java
    with the only difference that I used my own random number generator.
    Anyway, rest of the code you need looks like this:
    URL url= new URL("htps://someplace.com");
    URLConnection sconnection = url.openConnection();
    Do whatever.
    I also stored jcert.jar, jnet.jar, jsse.jar in /usr/java/jdk1.3/lib/ext
    I think that is everything.
    I just noticed that service pack 9 has a security example that does not require
    all these jsse hacks. I'm trying to get it to work, but not having much luck.
    Anybody got this working right?
    "Jayesh Patel" <[email protected]> wrote:
    See if this works,
    1. Add the 'j2ee.jar' to CALSSPATH in weblogic startup script.
    2. Set the property SSLHandlerEnabled flase in config.xml
    3. Add the following property permission to the
    weblogic.policy' file under a 'grant' directive
    for all codebases (bottom): 'permission java.security.AllPermission'
    4. Use the following bit of source code to create an https connection:
    import com.sun.net.ssl.*; ....
    com.sun.net.ssl.HttpsURLConnection connection;
    System.setProperty ("java.protocol.handler.pkgs",
    "com.sun.net.ssl.internal.www.protocol");
    java.security.Security.addProvider(new
    com.sun.net.ssl.internal.ssl.Provider() );
    URL url = new URL( "https", hostname, query );
    -Jayesh
    connection = (com.sun.net.ssl.HttpsURLConnection )url.openConnection(
    "Xinshi Sha" <[email protected]> wrote in message
    news:[email protected]...
    Hi,
    We want to make a https connection from a servlet in weblogic serverto
    another
    web server (not necessarily weblogic). We also need dual authentication.But whenever
    we use URL.openConnection(), it always returns us weblogic's internalhttps and
    SSL implementation. Since weblogic has no documentation about how
    to
    use
    these
    internal classes, such as how to set trusted server certificate, andhow
    to set
    client certificate (servlet is a client of another web server). Wewant to
    use
    jsse, after setting JSSE required system properties, I still get aweblogic's
    httpsURLConnection. Can any of you tell me how to resolve this issue?
    Thanks.
    Xinshi

  • HTTPS connection from database

    Hi all,
    I have to implement https connection from a database with a Web server which requests a client certificate. I have the certificate in the wallet, but UTL_HTTP does not send it to the Web server.
    So, is there any way to connect to a Web server which requires a client certificate?

    Could you explain how transport protocol influences certificate exchange during SSL session?

  • HTTPS connection from portal to external webserver

    Hi,
    I am looking for a way to open a HTTPS connection from portal server to an external webserver. According to <a href="http://help.sap.com/saphelp_nw04/helpdata/en/e2/71c83edf72e16be10000000a114084/content.htm">SAP</a> the code should look like
    KeyStore keystoreCAs = ...
    SecureConnectionFactory factory = new SecureConnectionFactory(keystoreCAs, null);
    HttpURLConnection con = factory.createURLConnection("https://www.mycompany.com");
    Does not look difficult, <b>but how do I create the keystore object</b>? The keystore object should somehow be connected to the portal server's keystore which manages the certificates of trusted Certificate Authorities.
    Any ideas?
    Regards,
    Martin

    Hi,
    meanwhile I solved the problem by my own. The solution slightly simplified is given below.
    javax.naming.InitialContext ctx = new javax.naming.InitialContext();
    java.lang.Object o = ctx.lookup("keystore");          
    com.sap.engine.services.keystore.interfaces.KeystoreManagerWrapper_Stub manager = (com.sap.engine.services.keystore.interfaces.KeystoreManagerWrapper_Stub) o;
    java.security.KeyStore keystoreCAs = manager.getKeystore("TrustedCAs");     
    com.sap.security.core.server.https.SecureConnectionFactory factory = new SecureConnectionFactory(keystoreCAs, null);
    java.net.HttpURLConnection con = factory.createURLConnection("https://www.mycompany.com");
    For connecting via a proxy the host name and port number of the proxy have to be set as System properties using "https.proxyHost" and "https.proxyPort".
    java.util.Properties systemSettings = System.getProperties();
              systemSettings.put("proxySet", "true");
              systemSettings.put("https.proxyHost","192.168.0.1") ;
              systemSettings.put("https.proxyPort", "80") ;
    Additionally you have to make sure that the server's certificate is issued by a trusted Certification Authority (Must have an entry in your Keystore "TrustedCAs"). To verify this use the Visual Administrator and view service "Key Storage".
    Regards,
    Martin

Maybe you are looking for