Out of necessity (my hosting provider), I have to allow a range of IP addresses. Using IIS 7.5 IP Address and Domain Resrictions feature, I set up the deny all feature and then added my Allow entry with an appropriate ip address and subnet mask e.g. 192.168.106.1 and 255.255.255.0 so that the range allowed was 192.168.106.1 to 192.168.106.254. Then I wanted to deny one specific ip address within this range so I added a deny entry for 192.168.106.147. However, testing showed that I could still access my site using the .147 address. I thought that Deny entries might overrule Allow entries (for safety) but it would appear that Allow entries have precedence. Can anyone confirm this?
Can you try changing the order? i.e., give deny rule before accept rule.
Related
Apologizes if this is readily available somewhere but I'm not able to find it on google easily.
I'm wondering if an IP address will always have a corresponding domain name/URL. We are looking to remove acceptance of IP addresses and require our clients to pass a domain name instead but wanted to ensure that this is possible.
The answer is No.
An IP with a corresponding domain name/URL is strictly for readability purposes. You can map a particular IP to a domain name using a DNS server but it is entirely optional.
More info
We would like to use the Google Translate API from a host which doesn't have open access to the Internet. To setup the firewall rules I would need the list of possible IP addresses for www.googleapis.com. It is resolved to different IP addresses depending on the location. It seems to be difficult to create a future proof firewall rule.
Do you know how could I get the list of IP addresses or network ranges for the Google API servers?
The IP addresses used for any given googleapis.com server could change. Google doesn't have just one network block which they host all of their content out of, they have a bunch of them - and they change over time.
There are several ways you could setup your restricted network to allow access to *.googleapis.com without hard-coding IP addresses. I don't know anything about your setup, but I've found that using an internal proxy is often the best bet when you want to allow/restrict access to a domain.
This evening I noticed a brute force attack attempt from the same IP address on several of our websites hosted on the same IP address. The attempt was to exploit a bunch of php-related vulnerabilities.
As I get notifications on all of these, I simply added the incoming IP address in IIS Manager/IP Address and Domain Restrictions - set to deny, then left it.
No more notifications, so I figured everything was good.
Later when I attempted to access any of our websites, I got a 403 access denied error from any IP address I tried to access these sites from. I do have one site that I have explicit allow rules set for other IP addresses, which I was able to access, however all the other sites do not have this special rule.
To get all the sites working again, I added an Allow rule where I added an IP address range is the web server's IP address, and Mask or Prefix = "(1)".
Here are the settings in IP Address and Domain Restrictions:
Mode: Allow
Requestor: ([my server's IP address])(1)
Entry Type: Local
So what I'd like to know is why this is now allowing access to the rest of my sites. Did I mistakenly delete a value that should have been there before?
From what I read here, By default, domain name restrictions are disabled.
is it possible to specify users IP addresses in Tsung?
Because in Apache logs, the users have the same IP address, the IP of the machine from which testing have been done. I want to specify somehow in Tsung, that it should generate new users with unique identifiers for being possible to distinguish them on Apache logs.
Some ideas?
vhost is only supported by jabber/XMPP plugin not by HTTP or others. Visit http://tsung.erlang-projects.org/user_manual.html#htoc58 to get more.
If you want to specify IP , maybe use more slave in your cluster ? But we can not specify IP per user .
All,
I have an IP address and I want to know all aliases within my organization that point to this IP. Is it possible?
For example I know the alias "TESTBOX" points to 119.119.119.119.
How can by just knowing the IP come up with the "TESTBOX" ?
Thanks,
M
Short answer: You can't.
You can try a reverse lookup on the IP address, but that will only show you the address that has been specifically allocated in the reverse DNS to that IP address.
Remember, aliases might exist only as an entry on a single machine's hosts file. They might also exist in a DNS server on the other side of the planet. However, if you're only interested in local DNS aliases, and your DNS servers allow zone transfers, then you can try listing every entry in every domain (eg. with host -l xyzzy.bigcorp.com) and searching the results for the IP address in question.