Using .htaccess file to block access from certain networks
Does anybody have any tips on getting a .htaccess file to work to block access to my Web Access server from certain network ranges on SuSE 10 SP3 with GW 8.0.2.
It does seem like the file does anything? With Web Access I'm not exactly sure where to put the file. I used to accomplish this using iptables, but I was seeing if I could do the same with .htaccess.
Thanks!
Originally Posted by bbilut
Does anybody have any tips on getting a .htaccess file to work to block access to my Web Access server from certain network ranges on SuSE 10 SP3 with GW 8.0.2.
It does seem like the file does anything? With Web Access I'm not exactly sure where to put the file. I used to accomplish this using iptables, but I was seeing if I could do the same with .htaccess.
Thanks!
You can block a range with the .htaccess file, for example by defining the range as
Code:
order allow,deny
deny from 10.0.
allow from all
...that would block all 10.0.0.0 up to 10.0.255.255 addresses.
You cannot use this file in Tomcat, so useless I think... but as Apache is used as frontend for the Tomcat webacc application, you might be able to edit the gw conf Apache files to include the range denies (which by default can be found in /etc/opt/novell/groupwise/webaccess/gw.conf).
Maybe this thread might help, as there are some examples of how to include denies in the .conf files.
Deny IP Ranges in httpd.conf Apache Web Server forum at WebmasterWorld
Do make a backup of your current gw.conf in case it blows up :)
-Willem
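How the three directives in the reply above are evaluated, as an added example that is not part of the original thread: a simplified Python model of Apache 2.2 `Order`/`Allow`/`Deny` handling (IPv4 address forms only; the function names and sample client addresses are constructed for illustration). It also shows that the same lines under `Order deny,allow` would block nothing, because `allow from all` then overrides the deny.

```python
import ipaddress

def to_network(spec):
    """Convert one Allow/Deny 'from' argument to an IPv4 network."""
    if spec.lower() == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in spec:                       # CIDR or network/netmask form
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")  # partial address: "10.0." or "10.0"
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def parse_rules(text):
    """Collect the Order setting and the Allow/Deny networks from config lines."""
    order, allow, deny = "deny,allow", [], []   # Apache's default Order is Deny,Allow
    for line in text.splitlines():
        words = line.split("#")[0].split()
        if not words:
            continue
        key = words[0].lower()
        if key == "order":
            order = "".join(words[1:]).lower()
        elif key in ("allow", "deny") and len(words) > 2 and words[1].lower() == "from":
            target = allow if key == "allow" else deny
            target.extend(to_network(w) for w in words[2:])
    return order, allow, deny

def is_allowed(rules_text, client_ip):
    """Return True if the client address would be let through."""
    order, allow, deny = parse_rules(rules_text)
    ip = ipaddress.ip_address(client_ip)
    allowed = any(ip in net for net in allow)
    denied = any(ip in net for net in deny)
    if order == "allow,deny":
        # Must match an Allow and no Deny; matching neither is rejected.
        return allowed and not denied
    # deny,allow: a Deny match is overridden by an Allow match; matching neither passes.
    return allowed or not denied

# The directives exactly as posted in the thread.
AS_POSTED = "order allow,deny\ndeny from 10.0.\nallow from all\n"
# Same lines with the other Order (constructed, to show the difference).
REVERSED_ORDER = "order deny,allow\ndeny from 10.0.\nallow from all\n"

if __name__ == "__main__":
    for ip in ("10.0.200.7", "10.1.0.1", "192.0.2.10"):   # constructed client addresses
        print(ip, is_allowed(AS_POSTED, ip), is_allowed(REVERSED_ORDER, ip))
```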
Similar Messages
-
How to block call from certain number -Iphone 4?
How to block call from certain number -Iphone 4?
Also try searching for apps that can do this. Never heard of it before but there should be one around.
-
HT5463 Can you block calls from certain numbers
Can you block calls from certain numbers
You can also make a contact for those numbers and assign a silent
ringtone to them. The calls will still come in, but you will not hear them
and they will eventually go to voice mail if you have it set up.
You must do this for each number as wildcards are not accepted in
Contacts, but all the numbers can be listed in one contact.
As Ocean20 has stated above, true call blocking is a function of
your wireless provider. -
Iphone 4 only receiving sms from certain networks- help?!!!!
Iphone 4 is only receiving sms from certain networks - help?!!!
Have you contacted your carrier to report the problem? This is not (and can not be) a problem with the phone. It's a problem with your carrier and/or the way they have your service provisioned.
-
Need software to block access to certain websites at night
OK. I'm going to admit it. I've got a shopping compulsion that's somewhat out of control when I get tired at night.
Anyone have suggestions for software or another method to block access, ideally to just forms, or just certain websites, between certain times? I know if I'm the admin I'd be able to get around it, but it would help stop me from buying when I'm not awake enough to make good decisions.
I'm thinking a children's filter would work, but none of them seem to go more specific than turning off the internet entirely between certain times, and that's a bit too broad. In any case, I'm pretty sure I could script just turning off the Airport link for a time if that's what I really wanted.
Any suggestions for scripting the Airport config or other site lookup files (the ones that say ebay.com -> this address), perhaps? That would keep me from getting on with the iPhone too.
Thanks, and
AymAymR wrote:
Maybe I just need to make my own scripts... I know if I'm the admin I'd be able to get around it, but it would help...
You might try the script below. It works by looping through a predefined list of text items, comparing each item to the URL of the frontmost Safari document. When a match is found, the frontmost document is replaced by a blank page. A dialog then appears informing you that you've attempted to reach a prohibited web site.
The script below should be copied and pasted into your AppleScript Script Editor. From the Editor's File menu choose Save As > File Format: application. Be sure to check Stay Open under Options. Once saved, the script can be launched from the dock or desktop, or launched as part of a repeating iCal event, with iCal's alarm feature set to open the script file at a certain time each day. Once running, the script can be stopped at any time by selecting its docked icon and choosing Quit from the menu.
The script:
property prohibited_list : {"ebay.com", "amazon.com", "shopping.yahoo.com"} --> add or remove items as desired
on idle
    tell application "System Events"
        if exists application process "Safari" then
            try
                tell application "Safari"
                    set x to URL of front document
                    set y to every character of x as text
                    repeat with an_item in prohibited_list
                        if an_item is in y then
                            set the URL of front document to ""
                            tell application "System Events"
                                activate
                                display dialog "You have attempted to access a prohibited web site." with icon stop buttons ("OK") default button 1 giving up after 10
                            end tell
                            tell application "Safari" to activate
                        end if
                    end repeat
                end tell
            end try
        end if
    end tell
    return 5 -- run the idle handler again in 5 seconds
end idle
Good luck.
The script was tested in Mac OS 10.4.11. Leopard and Snow Leopard users' results may vary. -
Blocking Access from Ubuntu 9.04 Virtual Machine
Hi Everyone
We have blocked access on Perimeter Routers for Some specific ports like telnet , SSH etc
and as per access policy users are granted access within the organisation for Servers at Data Centre based on their IP addresses
If somebody installs Ubuntu 9.04 Virtual Machine and then invokes virtual XP somehow the user gets 10 series IP and still manages to access the servers
How can I block the same
While checking for IP Accounting on Router there are no traces on the Virtual IP but server login details shows the IP address from which accessed with source IP as 10.x.x.x
Regards
Sohail Sarwar
user8750410 wrote:
I need C Api to connect from Ubuntu 9.04 to Oracle 8 database, is ODBC the only way to do this ? There is an opensource solution to connect without installing database on the client machine ?
You certainly don't need a full database install on the ubuntu client, client components only are required.
Because your target is a downrev oracle database version you might need to use client components like linux 9i to be successful :- [http://www.oracle.com/technology/software/products/oracle9i/htdocs/linuxsoft.html]. The more modern 'instantclient' [http://www.oracle.com/technology/software/tech/oci/instantclient/index.html], [http://www.oracle.com/technology/tech/oci/instantclient/index.html] does not appear available at this version. It's possible this version might have issues when installing this version on ubuntu 9.04 ... I simply don't know and too hard for me to look up.
I personally am unaware of any thin client driver technology that would help you here, that isn't to say there isn't one.
This is not an area I am now current in, I merely really wish to say you do not need a full database install. -
Can I use .htaccess file for authentication if running pl/sql gateway?
The server is on Windows system with Apache as the web listener
and webDB as pl/sql gateway so if any script is under pls/,
server would invoke pl/sql. My question is: I know .htaccess can
be used for directory protection, in this case(with the pls/),
can I still use it? if yes, where should I put the .htaccess
file?
Thanks very much in advance.
Patricia
Welcome to the discussions!
Is this feasible ?
Feasible, yes. Practical, no...unless you are willing to put up with very slow access to files that are on the Time Capsule.
Keep in mind that the Time Capsule was designed primarily for Time Machine backups, not as a media server for quick access to data. You might want to explore other options that would allow much faster access to files when you need them. -
How to prevent/allow admin access from certain ip address.
Hello
trying to setup the following scenario:
have a user BOB created in Cisco ACS 4.2
have several network devices with different management IP addresses all added in Cisco ACS 4.2
want to be able to allow BOB to access network devices only if BOB's access request is coming from one ip address 1.1.1.1
If BOB is trying to access network devices from any other ip addresses, the request should be denied regardless of the fact that BOB has full access to all network devices.
Is there a way to accomplish this using Cisco ACS 4.2?
Appreciate your input.
Regards,
It is actually possible, thanks for your doc reference:
in ACS setup AAA client user will be allowed to call from
in ACS setup NAR (devices you want to allow access to);
create user in ACS
configure user access in ACS:
allow access to required NARs
define IP - based access restrictions
Permitted calling / point of access locations
enter AAA client from which user will call (* for ports and * for ip address)
Save and test
In failed attempts you should see Authentication failure code "Users access filtered" when trying to login to NAR devices with new username and from non-permitted calling client/ip address.
Thanks for your help. -
Block access from other subnets 2921 router
Good day,
I have a 2921 router...
I got many subnets on network.. What I want to do is block access to one of my networks and allow all other subnets to browse the web.
I have;
192.168.4.0/24
10.20.50.0/24
10.20.40.0/24
10.20.30.0/24
10.20.60.0/24
I want to block access to 10.20.60.0 from all other networks while allowing them to access the internet
If what "Jon" said is correct you could do something like the following.
! Re-entering the same ACL name appends to it, so each block below needs its own
! name (one per source VLAN); otherwise later denies sit behind the first permit.
ip access-list extended VLAN20_ACL
deny ip 10.20.50.0 0.0.0.255 10.20.60.0 0.0.0.255
permit ip any any
ip access-list extended VLAN20_ACL
deny ip 10.20.40.0 0.0.0.255 10.20.60.0 0.0.0.255
permit ip any any
ip access-list extended VLAN20_ACL
deny ip 10.20.30.0 0.0.0.255 10.20.60.0 0.0.0.255
permit ip any any
ip access-list extended VLAN20_ACL
deny ip 192.168.4.0 0.0.0.255 10.20.60.0 0.0.0.255
permit ip any any
int vlan 20
ip access-group VLAN20_ACL in
int vlan 30
ip access-group VLAN30_ACL in
Now technically, 10.20.60.0/24 could still get to the other subnets, but the return traffic would be blocked.
And you could always change the permit ip any any to just HTTP traffic, etc. Depends on what you want to do.
Although it might be a better idea to configure ACLs on the firewall. It would be easier to manage that way. If traffic has to go up to the ASA to get back to the other subnets. -
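Why the ACL names matter in the reply above, as an added example that is not part of the original thread: a simplified Python model of first-match evaluation with Cisco wildcard masks. The function names, the host addresses and the ACL name `SRC_40_ACL` are constructed for illustration; the subnets are the ones from the post.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")   # "any" written as address + wildcard

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def matches(addr, base, wildcard):
    """Wildcard match: bits set in the wildcard mask are ignored."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)

def parse_acl(text):
    """Parse 'permit|deny ip <src> <dst>' lines; src/dst is 'any' or 'addr wildcard'."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] not in ("permit", "deny") or tok[1] != "ip":
            continue                     # skips "ip access-list ..." headers and blanks
        rest, fields = tok[2:], []
        while rest:
            if rest[0] == "any":
                fields.append(ANY)
                rest = rest[1:]
            else:
                fields.append((rest[0], rest[1]))
                rest = rest[2:]
        entries.append((tok[0], fields[0], fields[1]))
    return entries

def evaluate(entries, src, dst):
    """Return (action, entry number) of the first matching line; implicit deny at the end."""
    for number, (action, s, d) in enumerate(entries, 1):
        if matches(src, *s) and matches(dst, *d):
            return action, number
    return "deny", None

def unreachable(entries):
    """Entry numbers that follow a catch-all 'ip any any' line and so never match."""
    for number, (_, s, d) in enumerate(entries, 1):
        if s == ANY and d == ANY:
            return list(range(number + 1, len(entries) + 1))
    return []

# Two of the posted blocks under one name: the router stores them as one list.
AS_POSTED = """\
ip access-list extended VLAN20_ACL
 deny ip 10.20.50.0 0.0.0.255 10.20.60.0 0.0.0.255
 permit ip any any
ip access-list extended VLAN20_ACL
 deny ip 10.20.40.0 0.0.0.255 10.20.60.0 0.0.0.255
 permit ip any any
"""
# A separate list for the 10.20.40.0/24 source (hypothetical name).
ONE_PER_VLAN = """\
ip access-list extended SRC_40_ACL
 deny ip 10.20.40.0 0.0.0.255 10.20.60.0 0.0.0.255
 permit ip any any
"""

if __name__ == "__main__":
    posted, fixed = parse_acl(AS_POSTED), parse_acl(ONE_PER_VLAN)
    print(evaluate(posted, "10.20.40.5", "10.20.60.9"), unreachable(posted))
    print(evaluate(fixed, "10.20.40.5", "10.20.60.9"), unreachable(fixed))
```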
Folder Rewrite using .htaccess file?
Hi I have created another folder in my website for something to clone a folder I currently have but no longer want to use. I am looking to redirect anyone typing in the directory for my old folder to my new one using a .htaccess file or any other method you may suggest.
The paths I want to redirect are as follows www.dor2dor.com/postpeople to www.dor2dor.com/leaflet-distribution-jobs
If anyone can let me know the code I need to do this it would be much appreciated.
This will redirect postpeople/something to leaflet-distribution-jobs/something
Options +FollowSymLinks
RewriteEngine on
RewriteRule ^postpeople(.*) /leaflet-distribution-jobs$1 [NC,R=301,L]
If you want to redirect postpeople/anything to leaflet-distribution-jobs, then
Options +FollowSymLinks
RewriteEngine on
RewriteRule ^postpeople(.*) /leaflet-distribution-jobs [NC,R=301,L]
Kenneth Kawamoto
http://www.materiaprima.co.uk/ -
Time Capsule blocks access from outside
I just changed my Airport Extreme with a Time Capsule using the "replace existing airport" option in the airport utility. I have a MacMini attached with ethernet to the Time Capsule that runs as a server (web server, ftp server, vnc) that can be accessed from the public Internet. However, after upgrading to the Time Capsule I cannot access the MacMini server from the Internet. I have tried all the settings I can think of. Both NAT with default server and NAT with configured services fail to work.
Are there any changed behaviours between these network equipment? (the Airport Extreme is the fast-ethernet version). Both use the latest firmware and software.
There was a problem in the ISP settings - the external IP address changed when I swapped the Airport Extreme with the Time Capsule...
-
Block Computer From My Network
Please I need help on how best to be able to block some specific computer from my network not minding the fact that they are plugged into my LAN on my switch.
Is there a way to enable a rule to prevent such system from accessing anything from the router?
I am new to Cisco and my router is RV042
Thank you.
Dear Charles,
Thank you for reaching Small Business Support Community.
What you can do is set access rule(s) to prevent certain IP addresses, statically assigned to those computers, from accessing any WAN service.
So, if you setup DHCP server settings on the router you would have to assign static IP addresses to the computers you look to prevent internet access from, outside from the DHCP pool range and enter those static IP addresses on the DHCP config in the router (DHCP > DHCP Setup , Static IP). Please refer to chapter 4 in the admin guide for details;
http://www.cisco.com/en/US/docs/routers/csbr/rv0xx/administration/guide/rv0xx_AG_78-19576.pdf
Once you have the static IP addresses assigned to the devices and entered on the router, you can set access rules to allow/deny internet access to them. Please refer to "Configuring access rules" section on page 106, chapter 7 of the admin guide.
I hope you find this information useful and please do not hesitate to reach me back if there is anything else I may help you with.
Kind regards,
Jeffrey Rodriguez S. .:|:.:|:.
Cisco Customer Support Engineer
*Please rate the Post so other will know when an answer has been found. -
Using LDAP group to authenticate users from inside network to Internet
Hi team, I got an ASA 5510 version 7.2.3 and I need to authenticate my users from inside network to internet using a security group in the Active Directory, anyone can help me with these?
This might not be complete for your needs but it may give you enough of what you need without having to purchase full url filtering etc.
Authenticate with LDAP as shown earlier in this thread, then use this aaa ldap with cut-through proxy -
PIX/ASA : Cut-through Proxy for Network Access using TACACS+ and RADIUS Server Configuration Example
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml
then do some filtering -
ASA/PIX 8.x: Block Certain Websites (URLs) Using Regular Expressions With MPF Configuration Example
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml -
Easiest method to block employees from Guest network?
We have WCS and several WLCs (WISMv1, 5508, 4402) all running the 7.0.240.0 code. The "Guest" SSID is "garden-walled" from the corp LANs. We used to have web-auth page that required ID / PW. This became unreasonable as IT Dept was getting requests at all hours for immediate access from guest / resident family members. So we changed the web-auth to remove the ID / PW and just display corp policy and have to hit a "continue" button to gain access to Guest SSID. Healthcare staff on the floor are not tech-savvy enough to want to use or perform Hotel Ambassador functions.
The issue now is that we have employees with smartphones, tablets and even personal laptops connecting to the Guest SSID. Sr. Mgt wants to find a way to stop the abuse.
I do not believe there is any perfect solution to prevent employees from gaining access, but have been asked to find a manageable method to deter most employees from connecting to the Guest network. Looked at setting up MAC filtering in WCS, it seems that you have to enter MACs that you *allow* on to the network - by default, other MACs are blocked. I would rather have the template block the MACs listed in the csv file and allow access as the default.
We have several SSIDs. Our corporate SSID uses 802.1x and we use Microsoft Server 2012 Network Policy Server (RADIUS) to pass user ID / PW to our AD for authentication. We do not have Cisco ACS. I am not sure if integrating RADIUS is the answer here either.
I have had some webex sessions on ISE, NCS, and Prime infrastructure. We are only interested at the moment to monitor / control access to Guest. I have been told that ISE will have "sponsorship" functionality added in soon -- where user fills out info and ID / PW is sent via text or email to a cell phone or other device.
Any ideas??
TIA -- Perry
Steve,
The employees don't use / need any credentials for the Guest. The nurse staff / aides have balked at performing what they see as IT responsibilities. I can actually understand their point....their job is to provide care to the residents.
IT can't realistically respond to requests at all hours for access to Guest.
One thought was to see if we can require a name to be on the web-auth form that we can upload and record the corresponding MAC. The name is not verified against AD or anything -- more to track and see if the MAC associated "moves" across the network -- which would signal that it is likely an employee using a smartphone.
But we still need a way to specifically block a MAC while allowing the default permit in WCS. As I mentioned earlier, the default seems to be block MACs and permit specific MACs in the list....
Perry -
Office files slow when opening from a Network Share
Hi!
So, we have a client who moved from having regular Office installations to Office 365 for Mid Size business and reinstalled the Office that comes along with Office 365. Ever since we did that, there is a delay in opening any office files from a network share. Opening up a Word or Excel document takes up a lot longer than it did before. We have another client with the exact same issue who have Office 2013, so I think it's mostly something to do with office 2013. This problem has been going on for a month, and I have tried everything I can. I have gone through most posts on technet and the internets. Tried disabling AV, Office File Validation, added the network share to trusted locations, removed add-ins. Nothing works! All other files open up quickly, pdf, jpg. We can open larger jpg or pdf files faster than smaller office documents. This is a significant problem with our clients as they work in recruitment and open up resumes all day from the network share and it takes forever to open.
Any advice or help is appreciated!
Thanks!
Shaneez
Hello,
I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
Thank you for your understanding and support.
Steve Fan
Forum Support
Come back and mark the replies as answers if they help and unmark them if they provide no help.