Restrict application access based on IP address
Hi!
I am a newbie to Oracle Application Server, and I want to know if there is any way to restrict access to particular applications such as 'ascontrol' based on IP address.
I am using Oracle Application Server 10g.
Regards
Drini
You can see dms.conf file for something like that.
Order deny, allow
deny from all
allow from 10.0.0.1
This only allow 10.0.0.1 to see something.
Greetings
Similar Messages
-
How to restrict VK11 access based on condition class D (Tax)
hi ,
I have a requirement to restrict VK11 access based on condition class D (Tax). Because all users should not have access to maintain tax data in VK11 while general pricing data they can maintain. when condition class is D then we should have control.
Thanks
AkhileshHi Akhilesh,
Please find the below link and click on View article.
http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/a92195a9-0b01-0010-909c-f330ea4a585c
how to create authorization object?
Thanks
Dasaradha -
I would like to combine <cfif> and <cfinclude> to
control part of the content of a page based on IP address ranges.
Basically, when a user accesses the page from a defined range of IP
addresses, the <cfinclude> calls foo.cfm into the page. If
the user accesses the page from an IP address outside of the
defined IP address range, <cfinclude> will return
other_foo.cfm.
Any suggestions for a newbie?
Thanks in advance.The variable CGI.REMOTE_ADDR or CGI.REMOTE_HOST should
contain the IP information. Then compare to your range. -
Restricting Access Based on IP Address
I am wondering how Oracle Identity Management lets us check if the request comes from a specific IP Address before authentication. I need to restrict access to web pages for a username or role to a certain location and IP address, in fact a bank branch.
Please note that I don't want to limit access to the server to one IP address in general, but I need to let in a pair of (IPx,Usernamex) in other words bind IPs and identities.
Any suggestion for this?
Thank you
Regards,
FarbodHi
Sorry for not answering until now but I have been busy the last couple of days.
You need to implement this functionality on the first node in your system so that you can get the originator IP. If your application server is behind something that changes the originator IP you will simply not be able to read the IP and the approach of using SSO call outs will not work. SSO call out will only work if the app server is placed in front.
If you have a load balancer in front you will need to install a reverse proxy of some kind in front of the load balancer. If you have the money for licenses I would recommend looking at OAAM.
What you will be building is basically a SSO setup so as long as the SSO system supports your authentication scheme and has an SSO plug in that supports your app server you will be fine.
If you have plenty of time but little license money you might want to look at building something based on Apache and Mod_proxy or mod_security. I did a little bit of work on this back in 2003 but it doesn't seem to be a common pattern today so I am not sure how viable this option is.
Hope this helps
/M -
Restricting user access based on a site column value in a document library.
We have a business requirement to show the contents of a document library based on a value (or values) in the site column (or multiple columns). For example, my document library has a custom site column called confidentiality. This
will have values like restricted, internal and public. Now, based on the AD Group the user belongs to, I should be able to control the access to Restricted or Restricted and Internal files from the document library. We are using SharePoint Online 2010.
Please suggest the best way to achieve this requirement?SharePoint's security model doesn't allow you to specify security based on metadata. You could however create a Sandboxed Solution containing a Feature that registers a custom event receiver on the Document Library. The logic inside this
Event Receiver would fire after editing item properties (ItemUpdated) to apply item-level permissions based on the rules you need.
Make sure to read the article below to determine if fine-grained permissions are suitable in your case:
http://technet.microsoft.com/en-us/library/gg128955.aspx -
Hey,
I've recently created an application for our users to use, On the workspace we have a couple of applications.
For the main application we have a user group with all of the people who are allowed access to the main application, how can i restrict it so they can only access this application and no other application on workspace?
Thanks
Ozzyone option of course is to create multipple workspaces. If that is not an option, try using custom authentication (many examples on the net) and incorporate the application in the credentials. Effectively, you're adding authorization to your authentication mechanism ;)
-
LiveCycle Workbench ES2 - restricting application access
Hello,
We have several developer groups accessing different applications within Workbench ES2 (9.5). We are trying to restrict access to applications so that only the appropriate development groups have read/write access to their Workbench applications. We have tried using the "manage access" feature of Workbench but it does not work at all (click show remote resources button and then right click on any application and then click manage access). We have a long standing case open with Adobe to resolve this but in the meantime I am wondering:
1. Does anyone out there successfully use this Workbench feature to restrict access to applications?
2. Could anyone suggest an alternative to the manage access feature to restrict access?
It is my understanding that prior to the current release of Workbench there was a repository of sorts in Workbench where you could create folders and then secure anything in those folders by users/groups. This was accessed using the “resources” tab. Sure wish that functionality still existed!
Thanks in advance for any and all help/advice.Here is documentation on doing so, the steps are described under the "Managing user access to applications" sub-heading:
http://help.adobe.com/en_US/livecycle/10.0/WorkbenchHelp/WS92d06802c76abadb7e4e02661284028 97ed-7ffa.html#WS92d06802c76abadb7e4e0266128402897ed-7f94
Here is a few thing to keep in mind:
- If the users accessing the application have the "Application Administrator" role assigned in adminui, this will not have any effect.
- This will only allow the users to fetch the application to which they have access from the server, local copies of the application before this access change is applied can cause errors.
- You should be managing these access rights while logged in as an Administrator, or Application Administrator in Workbench. -
Restrict WLAN access based upon device type
hi,
i have a requirement to allow only certain device types (Apple Ipad only) on WLAN. Dont want to use individual MAC filters due to administrative overheads. Any suggestions?The only way you can just allow one type of device is the use of a profiler. Cisco ISE has a profiler, but you will need to get the advanced license also. I don't know how you would be able to do it any other way unless you manually configure each iPad to allow that device on your network.
Sent from Cisco Technical Support iPhone App -
Cannot Restrict application "Internet Explorer" in WRT160N
I have WRT160N and trying to restrict "application access" to Internet Explorer. I do NOT want to restrict the port cause some application are using the same port (may be port-80). Is there any way. Please help.
GujjuYou can go to the set-up page of the router...You can check Access Restrictions...
-
ASA 5510 Firewall internet Restriction based on IP address and block rest users excluding Mails
Hi,
As i have assignment to create access list based on IP address like we have to allow internet access this IP range 192.168.172.201 to 212.
And rest users we have to block excluding Mails.
Please help.
Thanks,
Regards,
Hemant Yadavlogin as: Rakh
[email protected]'s
password:
Type help or '?' for a list of available commands.
FAST-HQ-ASA> en
Password:
Invalid password
Password: ***********
FAST-HQ-ASA# show rum
^
ERROR: % Invalid input detected at '^' marker.
FAST-HQ-ASA# show run
: Saved
ASA Version 8.3(1)
hostname FAST-HQ-ASA
enable password 7tt1ICjiO2a2/Hn2 encrypted
passwd U8oee3lIrDCUmSK2 encrypted
names
interface Ethernet0/0
description ASA Outside segment
speed 100
duplex full
nameif OUTSIDE
security-level 0
ip address 62.173.33.67 255.255.255.240
interface Ethernet0/1
description VLAN AGGREGATION point
no nameif
no security-level
no ip address
interface Ethernet0/1.2
description INSIDE segment (User)
vlan 2
nameif INSIDE
security-level 100
ip address 192.168.172.1 255.255.255.0
interface Ethernet0/1.3
description LAN
vlan 3
nameif LAN
security-level 100
ip address 192.168.173.1 255.255.255.0
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network INSIDE
subnet 192.168.172.0 255.255.255.0
object network LAN
subnet 192.168.173.0 255.255.255.0
object network MAIL-SERVER
host 192.168.172.32
object network DENY-IP-INTERNET
range 192.168.172.121 192.168.172.200
object-group service serBLOCK-INTERNET tcp
port-object eq www
object-group network BLOCK-IP-INTERNET
network-object object DENY-IP-INTERNET
access-list 102 extended permit icmp any any time-exceeded
access-list 102 extended permit icmp any any echo-reply
access-list OUTSIDE-IN extended permit tcp any host 192.168.172.32 eq smtp
access-list OUTSIDE-IN extended permit tcp any host 192.168.172.32 eq https
access-list BLOCK-WWW extended deny tcp object-group BLOCK-IP-INTERNET any object-group serBLOCK-INTERNET
access-list BLOCK-WWW extended permit ip any any
pager lines 24
logging asdm informational
mtu OUTSIDE 1500
mtu INSIDE 1500
mtu LAN 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
object network INSIDE
nat (INSIDE,OUTSIDE) dynamic interface
object network LAN
nat (LAN,OUTSIDE) dynamic interface
object network MAIL-SERVER
nat (INSIDE,OUTSIDE) static 62.173.33.70
access-group OUTSIDE-IN in interface OUTSIDE
access-group BLOCK-WWW out interface OUTSIDE
route OUTSIDE 0.0.0.0 0.0.0.0 62.173.33.65 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
vpn-addr-assign local reuse-delay 5
telnet timeout 5
ssh 192.168.172.37 255.255.255.255 INSIDE
ssh 192.168.173.10 255.255.255.255 LAN
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username Rakh password EV9pEo1UkhHJSbIW encrypted
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http
https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email
[email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:1ee78d19f958efc6fd95f5e9d4e97b8d
: end
FAST-HQ-ASA# -
Lync Application and Desktop Sharing - Restrict remote access/Telnet
I have a customer and they are paranoid about using Lync application/desktop sharing which could potentially enable remote users from getting into their internal IT systems. They are asking if we could restrict application/desktop sharing specifically
for appls with remote access capabilities (e.g. Telnet, etc.)? Anyone could share any information relating to this? Thanks!We can’t do this with Lync Server natively. Maybe you want to vote idea at
http://lync.ideascale.com/a/dtd/Limit-AppSharing-for-specific-applications/467874-16285
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found
there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Lisa Zheng
TechNet Community Support -
Access restriction in IM52 based on company code and investment reason
Hi,
How can we have access restriction in IM52 based on company code and investment reason?
thanks
Randeephi
please check the authorization object for the transaction
company code you can -
Licensing restrictions prevent access from this address.
After updating CF7 to the new DST requirements, we are seeing
INTERMITTENT issues with some SWF movies not being loaded.
flash forms work just fine.
Any indication which way to look would be fabulous.
Coldfusion-err.log shows:
03/13 15:47:48 ERROR Proxy Servlet: Licensing restrictions
prevent access from xx.xx.xx.xxx
03/13 15:47:48 ERROR Proxy Servlet: Allows addresses: [
{71.218.19.250} {192.168.1.145} {74.93.23.77} {24.131.24.127}
{192.168.1.1} ]
03/13 15:47:48 error Licensing restrictions prevent access
from this address.
java.io.IOException: Licensing restrictions prevent access
from this address.
at
flex.services.license.AddressRestrictionFilter.invoke(AddressRestrictionFilter.java:28)
at
flex.server.j2ee.cache.CacheFilter.doFilter(CacheFilter.java:165)
at
flex.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:66)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
at jrun.servlet.FilterChain.service(FilterChain.java:101)
at
jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:91)
at
jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at
jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:257)
at
jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:541)
at
jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:204)
at
jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:318)
at
jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:426)
at
jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:264)
at
jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)alexfrates wrote:
> After updating CF7 to the new DST requirements, we are
seeing INTERMITTENT
> issues with some SWF movies not being loaded.
>
> flash forms work just fine.
> Any indication which way to look would be fabulous.
>
> Coldfusion-err.log shows:
> 03/13 15:47:48 ERROR Proxy Servlet: Licensing
restrictions prevent access from
> xx.xx.xx.xxx
> 03/13 15:47:48 ERROR Proxy Servlet: Allows addresses: [
{71.218.19.250}
> {192.168.1.145} {74.93.23.77} {24.131.24.127}
{192.168.1.1} ]
On a J2EE multiserver install this usually means your JRun
instance is
not registered. In the JRun admin, drill down to the settings
of the
instance and check whether it is a developer edition or a
registered
edition. I wouldn't know any way to fix this other then a
reinstall.
Jochem
Jochem van Dieten
Adobe Community Expert for ColdFusion -
How to restrict user access in Oracle Application Server 10g (9.0.4)?
Can anybody please let me know how to restrict user access in 10g AS? To be specific, how to allow http requests from specific IPs only?
Hi,
You have to edit httpd.conf and modify acces rights for each protected directory
e.g.
<Directory /var/www/sub/payroll/>
Order allow,deny
Allow from 192.168.1.0/24
</Directory>
then you have to restart Oracle HTTP Server
jm-- -
How to restrict the access of FUNCTION MODULE for others after transporting
A Function module needs to be executed in one server and should be executed when others try to access it.how to restrict the access of FM to one application server after being transported using SM59.
issue resolved
Maybe you are looking for
-
Automatic clearing of accounting documents
We are having an issue with accounting documents for our credit card orders getting cleared automatically as the billing documents are created. This looks like a standard SAP functionality. The orders are created with credit card number and it gets
-
How to connect WRT54G v5 with Buffalo AirStation HP Wireless G?
I am new to the networking world. I would like to connect the WRT and the AirStation Wirelessly--is it possible? Any help would be appreciated. Thanks, Chrimic
-
I have a question for the data conversion strategy. We are planning to store 2 yr detailed transactions and 4yr balances in Oracle system. In terms of the data conversion process, we were also going to take the same method. It would, however, cause s
-
Comparing 3 CSV Files and generating output to 4th One..
Hi, I was trying to compare 3 different CSV files using the common field EmplID and generate output with the combination of all the CSV's. The fields in the CSV are below CSV1 : EmplID,HName,Name,PreferredName,Location,Department CSV2 : HName,EmplID,
-
Photoshop not installed on my computer and won't install.
A month ago I purchased the Photoshop lightroom package for 9.99 a month. I downloaded creative cloud and both photoshop and lightroom programs to my computer. They worked fine. Then I ended up with a virus (from a different source) that required m