Providing Access based on Client IP Address

Similar Messages

• VNC access to remote clients assigned address from vpnclient ip pool

  Hi,
  I was wondering if anyone knows if it is possible to vnc to remote vpn clients that are assigned an address from a client IP pool defined on the pix.
  The remote clients are using cisco vpn client, the access-list is a dynamic acl downloaded from a tacacs server.
  thanks.

  It is not possible to vnc to remote vpn clients that are assigned an address from a client IP pool defined on the pix

• CSS redirect based on client IP address?

  We have a number of web servers behind CSS11500. We would like to be able to send an http redirect to a client browser, depending on the client's IP address.
  I had thought this might be possible using ACL but I can't find anything that seems to fit the bill. Can anyone suggest whether this is even possible, and how?

  create a redirect service.
  Then you can use an acl like this :
  clause 10 permit tcp x.x.x.x destination content prefer
  Gilles.

• Logo on SAP easy access to based on client ID

  hi ,
  we have requirement to upload 2 logo to appear on sap easy access based on the client ID  those logo's has to be appear ..
  please share how to acheive this.
  thanks
  Guru

  Hi,
  Which procedure you follow to upload the image?
  Please follow the steps..I have same environment like you and i successfully uploaded.. Hope this will help you...
  T.code : SMWO
  "X - Binary data for WebRFC application "
  <Enter>
  < Execute>
  Go to Settings-Maintain MIME types
  Click " Create"
  Type : image/gif EXTENSION:.GIF , " SAVE"
  Go to Binary data for WEBRFC , < Create>
  Obj.name : Z<name>.GIF Description: Company Logo
  " Import" .Specify the path name where your .GIF file locatd.
  < Transfer>
  Your logo must br shown in the Binary data for WEBRFC
  Now go to the t.code SM30- Go to " Table/ VIew- SSM_CUST
  < Maintain> < New Entries>
  The entries should be like below..
  Name                                                        Value to be set
  START_IMAGE                                        Z<name>.GIF
  RESIZE_IMAGE                                        NO
  Now log off and log in. You can see the logo in the right hand side of the SAP screen.
  With Regards
  Bhuban

• Conditional button based on client's IP address

  i know this is not secured, but ....
  I have little app with no login. It is a documentation for our project, it uses a tree, .... bla bla bla
  nobody can change anything (it is really just a few pages of documentation). I want one, just one, user to be able to edit one form for next few weeks. My idea was to add "SAVE" button and make it conditional based on his IP address or computer name. Is there a way how to do this?
  thanks
  jiri

  Just make the button conditional upon the following PL/SQL expression
  owa_util.get_cgi_env('REMOTE_ADDR')='xx.xx.xx.xx'Best practices: You should create a named authorization scheme with that code (returns true/false to allow/deny access) and attach that scheme to the button and any After-Submit processes that actually does the save.
  Hope this helps.

• AnyConnect VPN Clients IP Address access rules

  I setup ASA5540 for SSL-VPN (clientless) works fine.
  But I try to use Client (AnyConnect) to access internal resources, it is failed.  It is stiil initiate sessions from remote client IP.
  I need to initiate session from client IP assigned by ASA5540 box (same with Cisco VPN client connect to Cat65 SVC module).
  How I setup it?

  I use Cisco VPN client (remote access VPN)to connect ASA.
  There is a configuration setup for group authentication/w password on Cisco VPN client.I do not know to setup on ASA to match this?
  Second, remote client  connect ASA, I should get the client IP address which I setup on ASA.
  It should use this IP to connect ASA internal net,but I failed.( Both Cisco VPN and AnyConnect)
  How I setup this ( SSL VPN on this ASA works).

• How do I access the remote(requesting) clients IP address through the Portal API?

  How can I access the remote(requesting) clients IP address through the Portal API?
  On our 4.5 - IIS system, we can acces it using the Request.ServerVariables("Remote_Addr") in the ASP pages.
  We are deploying 5.0 on Java Portal and would like to be able to do this through the Portal's API so I can call it in one of our custom login Activity space or control etc.
  I have looked documentation for the HTTPServletRequest object. It seems like we should be able to access it through one of the methods getRemoteAddr if we can get a handle to HTTPServletRequest object through the Plumtree's framework.
  I think the XPRequest object encapsulates the HTTPServletRequest but I didn't see getRemoteAddr method listed in the Javadocs.
  Is there a way to access the client's IP address through the Plumtree's framework?
  I need to do this so we know the location of the user and in our business case we have fixed IP adresss which let us identify which location is user accessign the system from. We can't do this through preferences or profile because we have to use generic userid for the specifc group of users.
  Any help on this would be appreciated.
  Thanks.
  Vanita

  Hi, Vanita. For now, you can use
  stringsClientIP = HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"].ToString();
  Hope that helps!
  Sarah

• Is it possible to to disconnect 2 wireless clients from my wireless network without access to the clients i.e. 2 iPads?

  Is it possible to disconnect 2 wireless clients from my network if I do not have access to the clients? ie 2 iPads.

  You would have to set up Timed Access for each device.
  This consists of specifying the amount of time each day that wireless devices will be allowed to connect to the network. You must provide a MAC or hardware address for each device, which is a long code that might look something like this, for example......A1-B2-C3-D4-E5-F6....and then specify the hours each day that this device is allowed to connect to the wireless network.
  You have to do this for each device, which is tedious. Devices that are not on the Access List cannot connect to the network at any time.

• Provide ip to the client

  it is there a way to provide the port to the client as the way we provide the ip , it is there any  server similar to the dns server can provide it ??????
  thank you for reply
  steve

  Hi,
  I think you need to create an manual binding on your router based on your clients IP address and MAC address.
  Have a look through the following link which explains how to achieve this:
  http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca75c.html
  Plus you need to add the following command to stop your router from leasing out the IP address of your default-router and thus causing ip conficts
  ip dhcp excluded-address 172.18.100.1
  Good luck
  Paddy

• I am automating the process of sending appointment reminders to my clients. I started with an alert with an email in calendar using the clients email address as a custom entry in my me card in my contacts. this was resulting in three emails being sent wit

  I am automating the process of sending appointment reminders to my clients. I started with an alert with an email in calendar using the clients email address as a custom entry in my me card in my contacts. this was resulting in three emails being sent with slightly different versions of the same address (see my previous post). Heating someone else's suggestion I created a workflow file to send an email and calling that file from an alert on my calendar. This is working and sends only one email to the client.
  My calendar is on I cloud and I access it from three different computers so I can keep my appointment calendar current. The files that send the email only exist on one computer. My other computers show error messages when those emails get sent. It seems that each computer wants to send the email. It's a small problem but is there a way that I could not get those alerts.
  But appreciate any thoughts about this. It seems like both problems might be related to the iCloud system.
  Thank you in advance,
  Michael

  Good work, catch so far Michael, does seem to be a "feature" of iCloud syncing, not sure what you could do to disable it.

• I want to sign out of current apple id and into another one but I no longer have access to my current email address so I cannot log out

  I want to sign out of current apple id and into another one that I own but I no longer have access to my current email address so I cannot log out (It is with an internet provider who I have just unsubscribed with)  This is on an iPhone 5S, on iOS 8.1.

  That email address is still a valid Apple ID. If you do not remember the passcode, sign onto Manage your Apple ID (Apple - My Apple ID) with that email address, and then click on Reset Password. You will be asked to answer your Security Questions in order to reset the password. If you do not remember the answers to your Security Questions, contact Apple Support to reset them for you:
  ACCOUNT SECURITY CONTACT NUMBERS
  Cheers,
  GB

• Retrieve Client IP Address in a Oracle WebServices Manager Custom Policy

  Hi everybody,
  For some reasons i had to implement a custom policy in the OWSM, to restrict the access to webservices by Client IP Addresses. I´ve been following the examples for custom policies mentioned in the books: "Oracle Web Services Manager, Oracle Web Services Manager" by Sitaraman Lakshminarayanan, and the "Oracle® Web Services Manager Extensibility Guide 10g (10.1.3.3.0)" by Oracle. I followed the examples mentioned in those books to implement my Custom policy, the policy is successfully deployed to OWSM and it works, only by the issue that when i want to retrieve the Client Ip address it returns null, and following the example by the Oracle Guide, the HttpServletRequest its also returns null, im desperated because in every site that i finally find some info about it, quotes any of these 2 examples in those books, and mine doesnt work! this is the code of the custom policy, i´ve combined the 2 aproaches:
  package project1;
  import com.cfluent.ccore.util.logging.ILogger;
  import com.cfluent.ccore.util.logging.Level;
  import com.cfluent.ccore.util.logging.LogManager;
  import com.cfluent.pipelineengine.container.MessageContext;
  import com.cfluent.policysteps.sdk.AbstractStep;
  import com.cfluent.policysteps.sdk.Fault;
  import com.cfluent.policysteps.sdk.IMessageContext;
  import com.cfluent.policysteps.sdk.IResult;
  import com.cfluent.policysteps.sdk.InvocationStatus;
  import com.cfluent.policysteps.sdk.Result;
  import java.util.HashMap;
  import java.util.Iterator;
  import java.util.Vector;
  import javax.servlet.http.HttpServletRequest;
  public class CustomPolicy extends AbstractStep {
  private static String CLASSNAME = CustomPolicy.class.getName();
  private static ILogger LOGGER = LogManager.getLogger(CLASSNAME);
  private String allowedIpAddress = null;
  private String allowedRoleName = null;
  private String protectedServiceMethodName = null;
  public CustomPolicy() {
  public void init() throws IllegalStateException {
  // nothing to initialize
  public void destroy() {
  * This is the main method which will validate that the request is coming from
  * the correct IP Address and has permission to access the specified metod.
  public IResult execute(IMessageContext messageContext) throws Fault {
  LOGGER.entering(CLASSNAME, "execute");
  Result result = new Result();
  result.setStatus(IResult.FAILED); //initialize result
  String processingStage = messageContext.getProcessingStage();
  LOGGER.log(Level.INFO, "Processing stage is " + processingStage);
  HttpServletRequest httpServletRequest = (HttpServletRequest)
  messageContext.getProperty("javax.servlet.request");
  String remoteAddr = httpServletRequest.getHeader("Host");
  LOGGER.log(Level.SEVERE, "Dir IP:"+remoteAddr);
  String remoteHost = httpServletRequest.getRemoteHost();
  LOGGER.log(Level.INFO, "ADDR" + remoteAddr+ "HOST"+remoteHost);
  boolean isRequest =
  (IMessageContext.STAGE_REQUEST.equals(messageContext.getProcessingStage()) ||
  IMessageContext.STAGE_PREREQUEST.equals(messageContext.getProcessingStage()));
  //Execute the step Only when its a Request pipeline else return success
  if (!isRequest) {
  result.setStatus(IResult.SUCCEEDED);
  return result;
  MessageContext msgCtxt = (MessageContext)messageContext;
  String _MethodName = msgCtxt.getRequest().getMethodName();
  LOGGER.log(Level.INFO,
  "Writing Allowed IP Addr before creating SOAP header " +
  allowedIpAddress);
  LOGGER.log(Level.INFO,
  "Writing Remote IP Addr before creating SOAP header " +
  msgCtxt.getRemoteAddr());
  /*LOGGER.log(Level.INFO,
  "Writing Remote IP Addr before creating SOAP header " +
  remoteAddr);*/
  String cadTempo = allowedIpAddress;
  Vector vect = new Vector();
  for (int i = 0; i < allowedIpAddress.length(); i++) {
  if (cadTempo.indexOf(",") != -1) {
  //vect.add(cadTempo.substring(0, cadTempo.indexOf(",") - 1));
  vect.add(cadTempo.substring(0, cadTempo.indexOf(",")));
  cadTempo =
  cadTempo.substring(cadTempo.indexOf(",") + 1, cadTempo.length());
  LOGGER.log(Level.INFO,
  "AQUI111");
  } else {
  if (!cadTempo.equalsIgnoreCase("")) {
  vect.add(cadTempo);
  LOGGER.log(Level.INFO,
  "AQUI222");
  break;
  for(int i=0;i<vect.size();i++){
  String temp = (String)vect.get(i);
  if (temp.equals(msgCtxt.getRemoteAddr()) &&
  _MethodName.equals(protectedServiceMethodName)) {
  LOGGER.log(Level.INFO,
  "AQUI333");
  result.setStatus(IResult.SUCCEEDED);
  break;
  } else {
  msgCtxt.getInvocationStatus().setAuthorizationStatus(InvocationStatus.FAILED);
  LOGGER.log(Level.INFO,
  "AQUI444");
  /*if(allowedIpAddress!=null){
  result.setStatus(IResult.SUCCEEDED);
  /*if (allowedIpAddress.equals(msgCtxt.getRemoteAddr()) &&
  _MethodName.equals(protectedServiceMethodName)) {
  result.setStatus(IResult.SUCCEEDED);
  } else {
  msgCtxt.getInvocationStatus().setAuthorizationStatus(InvocationStatus.FAILED);
  // Set the result to SUCCESS
  //result.setStatus(IResult.SUCCEEDED);
  return result;
  public String getIpAddress() {
  return allowedIpAddress;
  public void setIpAddress(String IpAddress) {
  this.allowedIpAddress = IpAddress;
  LOGGER.log(Level.INFO, "IP Address is.. " + allowedIpAddress);
  public String getServiceMethodName() {
  return protectedServiceMethodName;
  public void setServiceMethodName(String serviceMethodName) {
  this.protectedServiceMethodName = serviceMethodName;
  public String getRoleName() {
  return allowedRoleName;
  public void setRoleName(String roleName) {
  this.allowedRoleName = roleName;
  And the xml:
  <csw:StepTemplate xmlns:csw="http://schemas.confluentsw.com/ws/2004/07/policy"
  name="Custom authenticate step" package="project1"
  timestamp="Oct 31, 2005 05:00:00 PM" version="1"
  id="0102030405">
  <csw:Description>Custom step that authenticates the user against the
  credentials entered here. This step requires Extract
  credentials to be present before it in the request pipeline.</csw:Description>
  <csw:Implementation>project1.CustomPolicy</csw:Implementation>
  <csw:PropertyDefinitions>
  <csw:PropertyDefinitionSet name="Basic Properties">
  <csw:PropertyDefinition name="Enabled" type="boolean">
  <csw:Description>If set to true, this step is enabled</csw:Description>
  <csw:DefaultValue>
  <csw:Absolute>true</csw:Absolute>
  </csw:DefaultValue>
  </csw:PropertyDefinition>
  </csw:PropertyDefinitionSet>
  <csw:PropertyDefinitionSet name="Custom Access Rules">
  <csw:PropertyDefinition name="IpAddress" type="string" isRequired="true">
  <csw:DisplayName>IpAddress</csw:DisplayName>
  <csw:Description>IP Address that is allowed access</csw:Description>
  <csw:DefaultValue>
  <csw:Absolute>192.168.0.1</csw:Absolute>
  </csw:DefaultValue>
  </csw:PropertyDefinition>
  <csw:PropertyDefinition name="ServiceMethodName" type="string"
  isRequired="true">
  <csw:DisplayName>ServiceMethodName</csw:DisplayName>
  <csw:Description>Service Method Name that is Protected (Secured)</csw:Description>
  <csw:DefaultValue>
  <csw:Absolute>getTime</csw:Absolute>
  </csw:DefaultValue>
  </csw:PropertyDefinition>
  </csw:PropertyDefinitionSet>
  </csw:PropertyDefinitions>
  </csw:StepTemplate>
  Please any tip or idea is welcome, thanks in advance for the help.
  Carlos.

  Hi again
  copied your code for testing. And it works fine.
  So both the code and policy-step definition is fine, log output below.
  What is your log output?
  Using soapui to send the request will give the ip of my localhost, using the test client will give the ip of the server, because that is the actual client.
  I guess the server ip is 192.168.0.1 in your case, as you are testing from test console.
  <b>anyway, results from SOAPUI:</b>
  2009-05-19 09:52:15,096 FINE [HTTPThreadGroup-4] CSWComponent - Executing policy step. Policy='SID0003004', Step Name='Custom Policy Step', Step Class='com.*.soa.wsm.CustomPolicy'
  2009-05-19 09:52:15,096 FINER [HTTPThreadGroup-4] wsm.CustomPolicy - com.*.soa.wsm.CustomPolicy execute:ENTERING
  2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Processing stage is Request
  2009-05-19 09:52:15,096 SEVERE [HTTPThreadGroup-4] wsm.CustomPolicy - Dir IP:hostname.domain:8890
  2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - ADDRhostname.domain:8890HOST10.47.89.116
  2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - MethodName=getHostNameElement
  2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Writing Allowed IP Addr before creating SOAP header 10.47.89.116, 192.168.0.1
  2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Writing Remote IP Addr before creating SOAP header 10.47.89.116
  2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI111
  2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI222
  2009-05-19 09:52:15,097 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI333
  2009-05-19 09:52:15,097 FINER [HTTPThreadGroup-4] agent.Agent - com.cfluent.agent.Agent intercept:ENTERING
  <b>But if I use the test client the remote IP would be 10.47.137.50 and execution fails, as code is written</b>
  <i>
  2009-05-19 09:54:12,266 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Writing Allowed IP Addr before creating SOAP header 10.47.89.116, 192.168.0.1
  2009-05-19 09:54:12,266 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Writing Remote IP Addr before creating SOAP header 10.47.137.50
  2009-05-19 09:54:12,267 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI111
  2009-05-19 09:54:12,267 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI222
  2009-05-19 09:54:12,267 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI444
  2009-05-19 09:54:12,267 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI444
  2009-05-19 09:54:12,267 FINE [HTTPThreadGroup-4] CSWComponent - Step execution failed: Policy=[SID0003004] Pipeline=[Request] Step Name=[Custom Policy Step] Step Class=[com.tandberg.soa.wsm.CustomPolicy]
  2009-05-19 09:54:12,267 FINER [HTTPThreadGroup-4] common.PrepareForServiceStep - Step PrepareForServiceStep called
  </i>

• UNABLE TO RETRIEVE THE CLIENT IP ADDRESS AND HOST NAME OF A PORTAL USER

  I'm trying to retrive the client IP address and host name of a portal user
  trying to access a portal page using APIs:
  PortletRenderRequest portletRequest =
  (PortletRenderRequest)request.getAttribute(HttpCommonConstants.PORTLET_RENDER_REQUEST);
  HttpServletRequest servletRequest =
  (HttpServletRequest)portletRequest.getAttribute(HttpCommonConstants.SERVLET_REQUEST);
  String l_szClientIPAddress = servletRequest.getRemoteAddr();
  String l_szClientHost = servletRequest.getRemoteHost();
  but i found that for all portal users on different machines IP addresses, the
  returned IP is the same for all which is Portal middle tier IP address.
  So how can retrive the IP addess of a portal user trying to access a portal
  page ?

  Brijesh,
  Do you mean how to see hostname/ip address of client requests processed by the server? If yes, depending on what's your front ending component - Web Cache or OHS, you can configure the access log format to have this information recorded in either of these component's access log file.
  For Web Cache access log file, refer this:
  http://download.oracle.com/docs/cd/B14099_19/caching.1012/b14046/diagnostics.htm#sthref2090
  For OHS access log file, refer this:
  http://download.oracle.com/docs/cd/B14099_19/web.1012/b14007/servlog.htm#sthref439
  By default, both Web Cache and OHS are configured to use Common Log Format (CLF) that does record hostname/ip address so if you haven't made any changes to log format, this info is already there for you. Look for $ORACLE_HOME/webcache/logs/access_log file for Web Cache and $ORACLE_HOME/Apache/Apache/logs/access_log file for OHS.
  Thanks
  Shail

• How to retrieve the client IP address when Apache acts as a proxy for Tomca

  Hello,
  I am trying to retrieve the client IP address accessing the web
  services. Because Apache is our proxy for all requests, when I try to
  retrieve the client IP I always get the localhost IP: 127.0.0.1
  The following code returns the localhost IP:
  MessageContext msgContext = MessageContext.getCurrentContext();
  if(msgContext != null) {
  return msgContext.getProperty(Constants.MC_REMOTE_ADDR).toString();
  return "Unknown";
  From a servlet, obtaining the client IP address can be achieved using
  this code.
  String ipAddress = request.getHeader("x-forwarded-for");
  if (ipAddress == null) {
  ipAddress = request.getHeader("X_FORWARDED_FOR");
  if (ipAddress == null){
  ipAddress = request.getRemoteAddr();
  return IPaddress ;
  Any help is greatly appreciated.
  Thank you very much

  @ejp....
  thanks buddy....
  u made my world a better place to live.....

• Role based on Client IP

  Hi all. A customer would like to assign a role to users based on their
  IP address. I've taken a look to the Developer Kit and I've seen the
  Client IP is available only for Authentication Condition and not for
  Role Condition.
  Is there another way to achieve this? Thanks,
  Alessandro
  afolli
  afolli's Profile: http://forums.novell.com/member.php?userid=6964
  View this thread: http://forums.novell.com/showthread.php?t=382220

  Hey the other post will help you. Put the getSelectItemList method in your backing bean and bind the selectItemsList to your drop down in the jspx. That should work.