front end application user can access the website from specific IP address - block

Front-end application (PHP / .NET / Java): one user can access the website from a specific IP address only; that same user cannot access the website from another IP address. How can this be done? Is this possible?

You can use the mod_authz_host module in Apache to restrict which IP addresses are allowed to access certain sections of the website. Looking through the documentation for the module, you create a .htaccess file in the directory to which you want to restrict access, and within the file enter details of the allowed IP addresses. For example:
Allow from 10.1.2.3
Take a look at the documentation for the module, which is available at http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html

Related

How can you rewrite an internal link access from external hostname?

What if I have some internal links on my XAMPP web server that need to be accessed externally (by requests from the internet)?
Let's say http://mylocalsite.local/login/ is a link on the site.
If I click on this link from http://externalwebsiteaddress.com, it should redirect to my web server. Can the internal link (mylocalsite) be rewritten to http://externalwebsiteaddress.com/login ? Because currently external requests give a "Cannot access this page error" because it's internal.
I don't want the internal link to redirect to the external link when accessed from within the network.
Basically, if the links are internal, then find a way to service the request from the external website successfully, without having to physically change the link on the server.
In other words:
If the user is accessing from an external internet link, then find a way to redirect to the proper folder using the external link so it can be resolved properly.
EX: All links start with http://externalwebsiteaddress/wherever
If the user is accessing from internal (inside the network), then use the local links.
EX: All links start with http://internaladdress/wherever
Would this be a mod_rewrite? I am confusing myself way too much.

How to allow the application visible only through some IP?

I'm developing a Windows application, using Eclipse, Tomcat server and Struts2.
I am using LDAP verification to log in.
I only want to allow specific people to view my application, i.e. a person with IP 173.12.12.12 can view it, while 173.12.12.72 should not.
How should I do this?
Also, if someone enters an ID which is disabled, the application should not work on his terminal anymore. How should I do this?
If you want to handle your IP address whitelist within your web application (e.g. in a database), you can detect the user's IP address server-side by reading the X-Forwarded-For HTTP header from the request.
If you want to handle your IP address whitelist within your application server (in this case, Tomcat), you must put a RemoteAddrValve in your context.xml (source).
Both these methods work, but both fail at detecting real IPs in case of IP spoofing. It's naive for a malicious user to spoof their own IP address, for example with CURL, or with a Firefox add-on like anonymoX.
You shouldn't rely on IP addresses to protect your system. But you can use them to enhance the user experience for your authenticated, trusted users... once they're in, you can assume they're not malicious and start profiling their devices by IP to provide targeted functionalities.
If it is a range of IPs, fetch the IP value from a property file and verify against it.
If it is a single value, fetch the value from the database assigned to users and verify against it.
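
An added example, not code from the answers above, of the server-side check they describe: a per-user allowlist that honours X-Forwarded-For only when the connection comes from a known reverse proxy. The proxy range, the user names other than the question's 173.12.12.12 address, and all function names are assumptions made for illustration.

```python
import ipaddress

# Assumed deployment values (constructed for this example).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]
USER_ALLOWLIST = {
    "alice": [ipaddress.ip_network("173.12.12.12/32")],  # single address
    "bob": [ipaddress.ip_network("192.0.2.0/28")],       # a range
}


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def client_ip(peer, xff_header, trusted=TRUSTED_PROXIES):
    """Return the address to authorize against, or None if unparseable.

    peer is the TCP source address seen by the server. X-Forwarded-For is
    consulted only when peer is a trusted proxy, and is read right to left
    so that entries a client prepended itself are never reached.
    """
    addr = ipaddress.ip_address(peer)
    if not xff_header or not _in_any(addr, trusted):
        return addr  # direct connection: the header is client-controlled
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed hop: fail closed
        if not _in_any(addr, trusted):
            return addr  # first hop not written by our own proxies
    return addr  # every hop was a trusted proxy


def is_allowed(user, peer, xff_header=None, allowlist=USER_ALLOWLIST):
    """True only if the user has an allowlist entry covering the client IP."""
    addr = client_ip(peer, xff_header)
    if addr is None:
        return False
    return _in_any(addr, allowlist.get(user, []))
```

The check belongs after authentication (the LDAP login in the question), so that the allowlist is looked up for an already verified user name.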

Should I allow viewing my website by entering the IP in the URL bar

Should I allow viewing my website by entering the IP in the URL bar? That means that instead of writing site.com in the browser, I write the IP of the website.
Example:
This IP, 85.17.159.246, is not accessible if you put it in the browser bar. But the website hosted by it, azlyrics.com, is available.
Google, on the other hand, allows viewing its website via direct IP; for example, if you use 64.233.165.190 in your browser it will show Google's website.
Is it bad to allow that? Is it good? Why?
In the past I've read that it is not a good idea to allow this, but now I really don't know how to search for this, as all the results on Google return irrelevant pages.
If it is not a good idea, how can I block it? (without blocking the website URL, of course)
We do have domain names for a reason: they bring several nice benefits, such as being able to move your site to a new IP while keeping the same domain name. Also, when using domain names you can have multiple websites on a single IP.
It's not bad. But an IP can only "host" one site. This works for Google, since they'd only be serving up google.com content anyways. But consider a shared server with (say) 50 different sites on it.
When you punch in http://example.com, your browser will hit example.com's IP and include a Host: example.com in the request's HTTP headers. That lets the server identify which of its sites you're requesting.
But if you hit the server's IP directly, there's no Host: header, and now Apache has no idea which of the sites you really want.

Different pages related to website IP address

My website is assigned a particular IP address.
Now, is there any way to configure a web server like Apache so that when I enter the website URL in a browser, it shows a different page than when I enter the IP address related to the website?
Yes. What you're looking for is Apache Virtual Hosts.
You'll also need to configure your domain to point to your IP.

Can a Facebook App for remote login be identified with IP instead of domain name?

I have a list of sites running on the same server, so they all share the same IP address. A Facebook app was created in order to have login functionality on the sites, but as I see, the app needs one and only one domain (for security reasons...) that is enabled to use the login process.
Is there a way to identify remote sites with IP instead of one domain name?
Thanks!
No, you must use a domain name. You can enter multiple domain names though, or run the logins through login.yoursites.com or something like that.