Azure API Management Restrict multiple caller IP Address - policy

If I look at the below URl for restricting IP Address in API Management with its policy "IP-Filter", we can either limit single IP Address or a range. Is there a way I can filter different IP Address like 172.2.2.2, 122.2.2.4,
134.2.2.3?
https://learn.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies#RestrictCallerIPs
Thanks and Regards,
Manu

Graphical interface allows you to add many IP addresses in "Filter IP addresses" policy.
It's changed to the following xml expression
<ip-filter action="allow">
<address>10.10.1.1</address>
<address>10.10.1.200</address>
</ip-filter>

Related

Numbers instead of name for login email for security?

Our Active Directory logins are currently e.g. john.smith#mycompany.com (i.e. the same as our email addresses). A friend said they used a number for login (e.g. 38292#mycompany.com) for security reasons. The login being internal and not public facing.
Wondering what others think/do and what is considered best practice. Thank you.
• Yes, as your friend said it is a good practice to keep your internal login ids and email ids as login ids different for several reasons. One of them is that if you have several people by the same names or similar spelling then it can be very hectic and weary to trace down a user’s activity across large span of internal environment presence. So, its best to keep internal application login different than email address as it helps your internal security team to continuously monitor and prevent threats like spamming a particular mailbox, sending phishing mails, etc. Also, it keeps your organization’s internal infrastructure at bay from attackers as brute force attacks through email ids are not at all possible since employee id numbers aren’t public.
• You can do so by configuring email address attribute for your users for which you can set the one containing employee number as their primary email address and other one configured, i.e., email address(firstname.lastname) as your employees’ alias email address or proxy addresses.
• Once, that is set, then you need to enable users to sign in with email address as alternate login ID. This feature tells the Azure AD login servers to not only check the sign-in identifier against UPN values, but also against ProxyAddresses values for the email address. This can be done through the ‘homerealmdiscoverypolicy’ resource as given in detail in the below link for your reference: -
https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-use-email-signin#enable-user-sign-in-with-an-email-address

Check if domain has WHOIS privacy

I use an API to get Whois data of a domain
Sample response from API:
For domain 1:
registrant_contact":{
"full_name": "WHOISGUARD PROTECTED",
"company_name": "WHOISGUARD, INC.",
}
For domain 2:
"registrant_contact":{
"full_name": "Whois Privacy Protection Service by onamae.com",
"company_name": "Whois Privacy Protection Service by onamae.com",
}
registrant_contact.full_name may vary depending on the provider
Is there an easy or programmatic way to determine if domain has WHOIS privacy?
Thanks!
Whois Privacy is not a standard service. This is offered by multiple companies, including registrars themselves, with varying degree of service and features.
It can also be done on the registry level in some cases, specially in ccTLDs for individuals.
So, besides listing all specific text strings you can get back, I do not see a solution to your problem, except some heuristics (like the form of email addresses or postal addresses, etc.)
See this other answer for some heuristics: https://stackoverflow.com/a/25233555/6368697
Many domain registrars offer services called "domain privacy," or “private registration” that remove your personal contact information from the WHOIS record. Because of that, you cant get response for some domain. If you want to query the domain, you can use our whois tool http://www.yazilimdersi.info/araclar/whois-sorgulama. Our tool displaying domain information, domain owner, dates of domain with the remaining day.

AWS CloudSearch query

This is sort of a simple question but I can't find any docs on this, or if its even possible.
I understand you need to sign the request for the document endpoint, but is it possible to do the same for the search endpoint?
I need this because I want to privately allow searches from within an application, but I do not want the outside world to search this data.
I understand I can restrict by IP address, but this is limited because the machines are shared and will not restrict others using that IP address. I also understand I could proxy the request and do checks on the proxy.
The best solution would be to sign the search for me in the same way I can sign the document push.
Is this even possible?
I've run into the exact problem but there's unfortunately no way around this. Cloudsearch only allows search access control using IP addresses as mentioned in the documentation.
One possible solution could be to use API Gateway as frontend (where you control and api-key for instance) in your application and restrict the CloudSearch access to Lambda only.
The design is then:
API Gateway <-> Lambda function <-> CloudSearch

How do I get the name of the computer accessing my web page in VB?

I've already tried these methods:
System.Net.Dns.GetHostName
Environment.MachineName
My.Computer.Name
Environ$("computername")
Each returns APPDEV, which I assume is the name of the server hosting my web page.
I've even asked friends to try my page with these methods and they see the same thing.
How can I get it to return the PC name entered at initial setup, like Joseph-PC?
Since the browser won't tell the computer name to the server, a web page is (thankfully) not able to know your computer's name.
You can try HttpContext.Current.Request.UserHostName. Similarly, UserHostAddress retrieves the IP of the client. But this information might not be valid in most circumstances due to (legitimate) privacy or network (NAT, Proxies, ...) reasons. So I wouldn't rely to strong on the presence or validity of the data.
If you are provided an IP address in UserHostName, you can use System.Net.Dns.GetHostEntry to make a DNS reverse lookup to find the name. This also might not work under all circumstances as not every client is registered at a DNS server.

How can I force the login to a specific ip address

I have 20 stores in different locations that want to login to a punch in(Employee/Hours) application. How can I force them all 20 stores to login from the same computer/store every day? I am working with .net but other solutions maybe consider.
Thanks
Some possible answers based on interpretation of question:
1) Lock the program down based on the computer's MAC address at each location. This would allow you to only allow the program to run on the one computer at each location.
2) If you want only the stores to connect to your server, then you can restrict access to only specific IP address using routers and firewalls.