NetTalk Central

Author Topic: Limiting access by IP address  (Read 3396 times)

Richard I

Limiting access by IP address
« on: November 04, 2018, 12:13:49 PM »
Hi,
I have a client with multiple sites using an NT app. The company wants staff to use the app only from the work-located PCs or "known" PCs.
They have requested that IP addresses not on a "permitted" list are blocked; this will prevent employees using their smart phones etc.

Is this possible with my NetTalk 10.36 app?

Thanks
Richard
NT10.36

bshields

Re: Limiting access by IP address
« Reply #1 on: November 04, 2018, 08:15:30 PM »
Hi Richard,

The IP Ban functionality is buried down in NetSimple and not suitable for this.

I think you could build a system at the ProcessLink (any other suggestions?) embed point, check the incoming IP address and bail and do nothing if it doesn't match your IP masks.

This is a bit slow and clumsy, not to mention a waste of programmer time.

This sort of thing is normally easily done at the router level. I do exactly this within my routers for our hosting. If you want administrative access to our servers you must be coming from a known IP address.

I'd try suggesting this to your client first, and if it's not practical for them, consider the ProcessLink approach.

Regards
Bill

Richard I

Re: Limiting access by IP address
« Reply #2 on: November 04, 2018, 08:33:51 PM »
Hi Bill, I would be setting this up on Amazon for them.
You say...
>> This sort of thing is normally easily done at the router level. I do exactly this within my routers for our hosting. If you want administrative access to our servers you must be coming from a known IP address.
How would I go about setting it up there?
Probably 35 different IP addresses.

Thanks
regards,
Richard

Richard I

Re: Limiting access by IP address
« Reply #3 on: November 04, 2018, 08:43:12 PM »
Bill,
Got this from an AWS Google search...

In the navigation pane, choose Security Groups. Select the security group for your instance.
Choose Inbound, Edit, Add Rule.
For Type, choose SSH.
In the Source field, specify the IPv6 address of your computer in CIDR notation. ...
Choose Save.

Is that how you would do it?

Cheers
Richard

bshields

Re: Limiting access by IP address
« Reply #4 on: November 04, 2018, 09:26:55 PM »
Hi Richard,

I don't use AWS (well not often).

It's in security groups. The protocol would be TCP; currently there should be rules for 0.0.0.0/0 on port 80 and a similar one on port 443 (similar stuff for IPv6 too).

You will either need to create a rule for all IP masks that are valid and remove the 0.0.0.0/0 rule.

You might also be able to create a list of addresses and place all your IP masks in there and then just create one TCP rule and link your SafeIP address to that rule.

The latter is how most routers do it, and that is what AWS tried to emulate.

Sorry I cannot be more specific.

Regards
Bill
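
An added example, not written by any poster in this thread: Python that takes one security group in the shape returned by `aws ec2 describe-security-groups` plus the permitted list, and plans which inbound rules exposing ports 80 and 443 to remove and which to add. The group ID, the addresses (documentation ranges) and the function name `plan_ingress` are constructed for illustration; it goes slightly beyond the post above by revoking every source that is not on the permitted list, not only 0.0.0.0/0, and it ignores rules that reference other security groups.

```python
import ipaddress

# Constructed sample: one SecurityGroups entry in describe-security-groups shape.
SAMPLE_GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "203.0.113.7/32"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "198.51.100.10/32"}]},
]}
PERMITTED = ["203.0.113.7", "198.51.100.0/24"]  # constructed permitted list

def plan_ingress(group, allowed, ports=(80, 443)):
    """Return (revoke, authorize) lists of (protocol, from_port, to_port, cidr)
    so that only `allowed` sources can reach `ports` over TCP."""
    permitted = set()
    for entry in allowed:
        net = ipaddress.ip_network(entry, strict=True)  # ValueError if host bits set
        if net.prefixlen == 0:
            raise ValueError(f"{entry} would reopen the ports to everyone")
        permitted.add(str(net))
    revoke, covered = [], set()
    for perm in group.get("IpPermissions", []):
        proto = perm["IpProtocol"]
        lo, hi = perm.get("FromPort", -1), perm.get("ToPort", -1)
        # "-1" means all traffic; a TCP port range may also span a web port.
        hit = [p for p in ports if proto == "-1" or (proto == "tcp" and lo <= p <= hi)]
        if not hit:
            continue  # e.g. the SSH rule: leave it alone
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            norm = str(ipaddress.ip_network(cidr, strict=False))
            if norm in permitted:
                covered.update((p, norm) for p in hit)  # already allowed
            else:
                revoke.append((proto, lo, hi, cidr))  # 0.0.0.0/0, ::/0, strangers
    authorize = [("tcp", p, p, c) for p in ports for c in sorted(permitted)
                 if (p, c) not in covered]
    return revoke, authorize

if __name__ == "__main__":
    revoke, authorize = plan_ingress(SAMPLE_GROUP, PERMITTED)
    for rule in revoke:
        print("revoke   ", *rule)
    for rule in authorize:
        print("authorize", *rule)
```

Apply the authorize entries before the revoke entries so the permitted sites keep access while the rules change.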

Bruce

Re: Limiting access by IP address
« Reply #5 on: November 04, 2018, 10:13:03 PM »
>> In the navigation pane, choose Security Groups. Select the security group for your instance.
>> Choose Inbound, Edit, Add Rule.

Yes, this.
Then fill in the rest appropriately - port number, IP address and so on.
You can do it at the app level as well, but it's easier (and less work for the server) to do it at the Security Groups level.

cheers
Bruce

Richard I

Re: Limiting access by IP address
« Reply #6 on: November 05, 2018, 12:32:36 AM »
Thanks Bill and Bruce,
Cheers
Richard