Firewall Request for the HERE Geocode API (v6.2) - here-api

I'm trying to open our firewall to access the HERE GeocodeAPI but need the IP address range & port info. Does anyone know how to get this? Tried the HERE support team who were not able to provide it.
Endpoint - https://geocoder.api.here.com/6.2/geocode.xml

It is difficult to provide fixed range of IP Address in a Cloud Environment.
The recommendation is to make whitelist domain like *.api.here.com or *hereapi.com in order to avoid dependency on IPs.
Please take a look at about Whitelist setting.
https://developer.here.com/blog/how-to-whitelist-domain-names

Related

DNS points to www.example.com but no to http://www.example.com?

So I'm trying to deploy a Ghost blog into a Google Cloud vm instance and I can't get it to work. Part of the problem, I think, is that I haven't set up the DNS correctly. I bought farodefe.org via Google Domains and I tried to configure it following this tutorial, and it worked... partially. I used DIG in Ubuntu to try and verify that my DNS configuration. Here are the results:
enter image description here
As seen in the image above, when I do:
dig farodefe.org
and/or
dig www.farodefe.org
I do receive an answer to my query.
But then I do dig http://www.farodefe.org and I receive nothing.
enter image description here
Why is this happening and how can I fix it?
Thanks in advance!
But then I do dig http://www.farodefe.org
But this does not mean anything, or at least certainly not what you think. The DNS has no concept of URLs, only names.
So you are doing here a query for the name http://www.farodefe.org (which is possible in the DNS, but not just for an A record type which is the default one used by dig), which is certainly not what you had in mind.
Part of the problem, I think, is that I haven't set up the DNS correctly.
Don't think, test. If you are not familiar with DNS, use good online troubleshooting tools, like DNSViz. If you see any red things in the output, your DNS configuration needs to be fixed. Alternatively, your DNS provider should be able to help you.
DNS wise, you first need to understand the difference between authoritative and recursive nameservers and service, and hence when doing tests you need to first send your queries to the authoritative nameservers (which is what DNSViz does) and only when that is ok and you still have problems, then you query recursive nameservers as needed.
If you want to understand more, also learn about the OSI/Internet layers, and how HTTP is layered on top of TCP and IP, which are some protocols among others, and how the DNS (a service itself using TCP and UDP) is used to map data, and in a web setting, to map a given hostname (website) to one or more IPv4 or IPv6 addresses, for an HTTP client (like a browser) to be able to initiate its TCP/IP connection.

Strongswan DNS Leak with split-tunnel

I've set up Strongswan VPN with StrongMan(web-interface manager) on AWS.
It works great, my company employees can access contry-restricted site without any issues. But now I need to implement split-tunneling, because we also have to send terabytes of data, daily, to non-restricted sites.
I've coded small C# app that automaticaly manages split-tunneling routes with next command.
route ADD siteIP MASK 255.255.255.255 10.10.10.1 IF VPNInterfaceID
And it doesn't work like i'd like it to work.
Problem is: my DNS are leaking in split-tunnel mode.
If i route to "www.whatismyip.com" thru VPN, it masks my IP, so it works,
but i can't access restricted sites.
So i routed "www.dnsleaktest.com" thru VPN, and i can see that my DNS are in fact leaking.
I've found an app "Simple DNSCrypt", which fixed my problem, but i really dont want to use third-party software.
I'am very new to this topic, so any help would be appreciated.
I cant figure out how to hide my DNS.
Even overriding to 8.8.8.8 and 8.8.4.4 doesnt help.
What can i do? What should i read and learn? What could be the problem?
Sorry for my poor use of English.
Thank you in advance!
I've figured it out. Maybe, this answer will help someone someday.
You have also route DNS adresses thru VPN (in my case 8.8.8.8 and 8.8.4.4),
and "disabling" default ethernet adapter DNS by setting them to 127.0.0.1.
Dont forget to revert them back after disconnecting from VPN!

VPN without Static IP address

I have some servers in my workplace and they are accessible via Intranet, I want to allow people from external network to access the gateway and all resources in that gateway.
Is there any way to do that without any special hardwares???
I tried installing Hamachi LogMEin ( Gateway Network ) but, it is taking too much time to connect using RDP.
I tried Insta Safe, they are charging bit high!
Although this is not programming related, I thought I would provide you with a solution which should help resolve your issue using OpenVPN and a Dynamic IP address.
Please follow this URL
Snippet:
As Chris mentioned, should you need further assistance, please try an alternative website, perhaps the suggested networkengineering would suffice.

How to connect to localhost with DSL IP forward

I'm trying to connect to wamp from other computer.
I have a tp-link TD-8811. Is there any way to open my localhost from out
also i dont have a static IP.
A quick look at the specs for your TP-link device show that it is capable of DMZ and Virtual Server configurations. Please see here for a Step-by-Step: http://www.tp-link.com/en/article/?faqid=205 I input your model number in the search and came up with this article. I hope this helps.
There are many options for accessing a dynamic IP from outside.
Almost all services that do CNAME aliases for dynamic IPs offer both free and paid services. I never felt the need to pay for a service that i only used occasionally... The paid packages are usually geared to make your life easier.
Look at: no-ip.com -or- dyndns.com -or- google: "connect to dynamic ip address" and take your pick from the results.
After all of this is done, I'd seriously consider setting up (as an absolute minimum) a quick and dirty encrypted channel for your security. Your Router does not support IPsec/VPN, but that doesn't mean that you cannot ssh to your computer (regardless of host/client OS). There are also port-knocking methods to "speak" to your PC's firewall and instruct it to open your desired data port. You'll need to forward a few more ports from your router to get this set up, but if you'll achieve a closed system that you can open and close again on demand.
Apologies for the non-howto style of this answer, I hope it helps.

How to get browser IP or hostname?

I have a web application that should behave differently for internal users than external ones. The web application is available over the Internet, and therefore obviously to the internal users as well.
All the users are anonymous, not authenticated, but the page should render differently for internal users than external. What I'm doing in my code is use Request.UserHostName and then Dns.GetHostEntry. The result is then compared to a setting in my web.config (that holds something like *.mydomain.local) . If the comparison gives a positive result then I render the HTML that the internal user should see otherwise I render the HTML the external user should see.
However, my problem is that I don't always get the expected value from Request.UserHostName. on the development site I get the IP-number (?) of the machine running the browser but on the customer site I don't get the IP-number of the user machine, I get some other IP-number. The browsers don't have any proxies set or anything like that.
Should I be using something else than Request.UserHostName?
I recommend using IP addresses as well. I'm dealing with this exact same situation setting up an authentication system right now as well and the conditions described by Epso and Robin M are exactly what is happening. External users coming to the site give me their actual IP address while all internal users provide the IP of the gateway machine(router) on to the private subnet the webservers sit on.
To deal with it I just check for that one IP. If I get the IP of the gateway, I provide the internal access. If I get anything else they get the external one which requires additional authentication in my case. In yours, it would just mean a different interface.
Try Request.UserHostAddress, which returns the client's IP address. Assuming your internal network uses IP addresses reserved for LANs, it should be relatively simple to check if an IP is internal or external.
There might be a firewall that is doing some sort of NAT, to enable inside clients to use the external dns-name to reach the server.
Is the IP-number you get on customer site the same at the external customer-server ip? In that case you can hard code for that one IP-address. All internal computers behind that firewall will appear to have to same ip-address and you can classify them as "internal".
It looks like you're being returned a public facing IP Address. Get the user to go to http://www.myipaddress.com . If this is the same as the IP Address returned to your software, then this is definitely the case.
The only solution I can see to get around this is to either get them to connect to the machine holding the asp.net application via a VPN, or to use some other kind of authentication. The latter is probably the best option.
It does sound like there is a proxy between users and the server on the customer site (it doesn't need to be configured in the browser). It may be an internal or external proxy depending on your network configuration.
I would avoid using the UserHostName for what is effectively authentication as it is presented by the browser duing the request and would be easy to spoof. IP address would be much more effective as it's difficult to spoof an IP address in a TCP/IP connection (and maintain a connection). It's still weak authentication but may be sufficient in this scenario.
Even if you are using IP address, if there's a NAT proxy between client and server, you may have to accept that anything coming through that proxy is trusted (I'm assuming that external/untrusted clients don't come through that proxy).
If that isn't acceptable, you're back to other methods of authentication. Rather than requiring a logon or VPN connection, you might consider a permanent cookie or client certificates and only give those to internal clients but you would need some way of delivering those to the client. You could certainly deliver a permanent cookie based on a one-time logon. Cookies can be spoofed in a similar way in that the UserHostName can be however you've got a better opportunity to create a cookie value that is less guessable than a domain name.

Resources