I'm setting up a QnA bot in Teams for internal use. However our FAQ page is whitelisted by IP and only accessible from the company office. I’ve tried whitelisting all known Azure service IP-addresses to no avail.
Is it possible to grant qnamaker.ai access to the private URL? If so what IP-address should be whitelisted? Thank you in advance.
QnA Maker Management Service uses the following IP Ranges:
West US: 13.91.0.0/16
East US: 52.191.0.0/18
qnamaker.ai uses a few others, depending on where you're accessing it from. If whitelisting the above IP ranges doesn't work, let me know what region you're trying to access it from and I can provide additional guidance.
Related
Need to create a knowledge base from a Wiki,however, the wiki is behind a login. What is the best way to feed a login protected URL into QnAmaker?
I've tried logging in in another tab on the same browser, but QnA maker simply shows the login content. I've quickly reviewed the QnA site howtos and searched stackoverflow. I'm sure folks have solved this issue but I haven't found any guidance.
If you have a link to online solutions, that would be wonderful.
Thanks...Steve
QnAMaker uses a service on its own server to scrape FAQs, which is why you can't login yourself and then try to scrape.
If you're able to whitelist IP addresses so the QnAMaker service doesn't have to login, QnA Maker Management Service uses the following IP Ranges:
West US: 13.91.0.0/16
East US: 52.191.0.0/18
Otherwise, your FAQ would have to allow login via URL. If this is possible, it's likely something like:
http://username:password#example.com/, or
http://myserver.com/~user=username&password=mypassword
The other option would be to manually copy the site to a supported file (like PDF or Doc) and then upload it.
I'm trying to set a web service that needs the user's Google Latitude info, so I'm using Google OAuth to get the user authorization stuff.
However, when trying to set the redirection URI in the Google APIs Console for a web application client ID I get a message error if I try to set it to 'http://PUBLIC_IP/'.
I need to test it with non local users (thus localhost can't be used), so I would like to know if having a web domain is mandatory in order to use Google's OAuth. If not, how can I solve this issue?
This is not currently supported. I filed a feature request and will update on progress.
Update: Essential app verification activities have continued to make support of IP address-based apps unlikely. These verification activities are necessary to provide protections against abuse of user accounts. In addition, the cost of setting up dedicated domains has been reduced significantly since this feature was requested. Please read other responses here about possible options.
You can use xip.io to work around it.
For example: '192.168.0.50.xip.io:3000' will resolve to '192.168.0.50:3000'
I ran into this issue too and so I entered a URL with a .com extension and also entered it into my /etc/hosts file. Works like a charm.
It totally sucks that my entire app now has to be developed on an apparently 'live' domain though.
I used my public hostname. It helps if you have a static IP address. I used http://www.displaymyhostname.com/ to get my hostname. I plugged it straight into the Authorized JavaScript origins field when I created a new Web Application Client ID.
P.S. My hostname looked something like this: 111.111.111.111.static.exetel.com.au
You can use a dynamic DNS. I used ddns.net which offers a free solution. Basically, you enter your FQDN as this: yourcompany.ddns.net as your domain. When looked up for an IP address, the .net domain points to ddns; when ddns.net is looked up, it looks up in its database for your company, returns the IP. So mine looks like this: https://wigwam.ddns.net and everything works fine. You don't need to buy a domain, you can substitute your known IP, and Google is happy with that.
Your IP must be static, of course.
Yes, as of now you still need to have a domain name to use Google OAuth in your application. If you have a static public IP and don't want to buy a domain name, you could use a free subdomain from FreeDNS to link to your public IP. Seemed to work well enough for me with a Django app.
Echoing what Breno said in response to his earlier comment:
Apologies for the lack of updates here. Essential app verification activities have continued to make support of IP address-based apps unlikely. These verification activities are necessary to provide protections against abuse of user accounts. In addition, the cost of setting up dedicated domains has been reduced significantly since this feature was requested. Please read other responses here about possible options.
You can read more about Google's app verification requirements [1] and Google's policies requiring secure handling of data [2].
[1] https://support.google.com/cloud/answer/9110914?hl=en
[2] https://developers.google.com/identity/protocols/oauth2/policies#secure-response-handling.
xip.io is not working anymore as an alternative you can use nip.io the same way for example:
10.0.0.1.nip.io:8000 will resolve to 10.0.0.1:8000
It seems like xip.io is down, but there are alternatives such as sslip.io and nip.io. However, I couldn't get either of these to work.
I ended up hosting the main file server on the main machine, and ran said server on a 192.168.1.xx IP address. I then ran servers on each of the test machines (including a second server on the main machine), all of which were on the localhost address. Any requests that the localhost servers received were then passed off to the 192.168.1.xx server, which allowed testing on all of the devices.
This should also work with public facing IP addresses.
I have very abstract description of the project. Ok, publisher wants to give access to several books to some library. He gives access by IP range (common method in publishing business, as I understand). So, users who will go to the library and use library's computers and browse book catalog can download these books.
Now question. This system should work if user login to the library from home computer (actually system like this already exists and I don't understand how it can work). And problems begin. User login to the library, but he will have his own IP address obviously. What can I do to give this users access to the books if I know only IP address range of the library.
I see 2 methods:
use "HTTP referer" field from the request. Which is very insecure
use third-party authorization meсhanism. I don't know exactly how I can do it, so I will appreciate any help
It looks like I'm trying to do pretty the same thing as this user -https://stackoverflow.com/questions/18999304/using-ip-to-identify-institution-school-university-library-etc
Anyway I found several references of IP Range authorization for libraries and universities. So, somehow it works. Can you explain how does it work for people who use their home computer?
I'm trying to set a web service that needs the user's Google Latitude info, so I'm using Google OAuth to get the user authorization stuff.
However, when trying to set the redirection URI in the Google APIs Console for a web application client ID I get a message error if I try to set it to 'http://PUBLIC_IP/'.
I need to test it with non local users (thus localhost can't be used), so I would like to know if having a web domain is mandatory in order to use Google's OAuth. If not, how can I solve this issue?
This is not currently supported. I filed a feature request and will update on progress.
Update: Essential app verification activities have continued to make support of IP address-based apps unlikely. These verification activities are necessary to provide protections against abuse of user accounts. In addition, the cost of setting up dedicated domains has been reduced significantly since this feature was requested. Please read other responses here about possible options.
You can use xip.io to work around it.
For example: '192.168.0.50.xip.io:3000' will resolve to '192.168.0.50:3000'
I ran into this issue too and so I entered a URL with a .com extension and also entered it into my /etc/hosts file. Works like a charm.
It totally sucks that my entire app now has to be developed on an apparently 'live' domain though.
I used my public hostname. It helps if you have a static IP address. I used http://www.displaymyhostname.com/ to get my hostname. I plugged it straight into the Authorized JavaScript origins field when I created a new Web Application Client ID.
P.S. My hostname looked something like this: 111.111.111.111.static.exetel.com.au
You can use a dynamic DNS. I used ddns.net which offers a free solution. Basically, you enter your FQDN as this: yourcompany.ddns.net as your domain. When looked up for an IP address, the .net domain points to ddns; when ddns.net is looked up, it looks up in its database for your company, returns the IP. So mine looks like this: https://wigwam.ddns.net and everything works fine. You don't need to buy a domain, you can substitute your known IP, and Google is happy with that.
Your IP must be static, of course.
Yes, as of now you still need to have a domain name to use Google OAuth in your application. If you have a static public IP and don't want to buy a domain name, you could use a free subdomain from FreeDNS to link to your public IP. Seemed to work well enough for me with a Django app.
Echoing what Breno said in response to his earlier comment:
Apologies for the lack of updates here. Essential app verification activities have continued to make support of IP address-based apps unlikely. These verification activities are necessary to provide protections against abuse of user accounts. In addition, the cost of setting up dedicated domains has been reduced significantly since this feature was requested. Please read other responses here about possible options.
You can read more about Google's app verification requirements [1] and Google's policies requiring secure handling of data [2].
[1] https://support.google.com/cloud/answer/9110914?hl=en
[2] https://developers.google.com/identity/protocols/oauth2/policies#secure-response-handling.
xip.io is not working anymore as an alternative you can use nip.io the same way for example:
10.0.0.1.nip.io:8000 will resolve to 10.0.0.1:8000
It seems like xip.io is down, but there are alternatives such as sslip.io and nip.io. However, I couldn't get either of these to work.
I ended up hosting the main file server on the main machine, and ran said server on a 192.168.1.xx IP address. I then ran servers on each of the test machines (including a second server on the main machine), all of which were on the localhost address. Any requests that the localhost servers received were then passed off to the 192.168.1.xx server, which allowed testing on all of the devices.
This should also work with public facing IP addresses.
I have a list of sites running on the same server, so they all share the same IP address. a facebook app was created in order to have login functionality on the sites, but as I see, the app needs one and only domain (for security reasons...) that is enabled to use the login process.
Is there a way to identify remote sites with IP instead of one domain name?
Thanks!
No, you must use a domain name, you can enter multiple domain names though, or run the logins through login.yoursites.com or something like that