This evening I noticed a brute force attack attempt from the same IP address on several of our websites hosted on the same IP address. The attempt was to exploit a bunch of php-related vulnerabilities.
As I get notifications on all of these, I simply added the incoming IP address in IIS Manager/IP Address and Domain Restrictions - set to deny, then left it.
No more notifications, so I figured everything was good.
Later when I attempted to access any of our websites, I got a 403 access denied error from any IP address I tried to access these sites from. I do have one site that I have explicit allow rules set for other IP addresses, which I was able to access, however all the other sites do not have this special rule.
To get all the sites working again, I added an Allow rule where I added an IP address range is the web server's IP address, and Mask or Prefix = "(1)".
Here are the settings in IP Address and Domain Restrictions:
Mode: Allow
Requestor: ([my server's IP address])(1)
Entry Type: Local
So what I'd like to know is why this is now allowing access to the rest of my sites. Did I mistakenly delete a value that should have been there before?
From what I read here, By default, domain name restrictions are disabled.
Related
I'm currently using firebase hosting with my default domain.
Is there a way to check if the IP address associated with this domain is a static IP address?
thank you very much.
I looked up her IP on an IP address lookup service and it pointed to the same her IP address for several days.
I checked the firebase hosting reference, but there was no explanation about the default domain.
* https://firebase.google.com/docs/hosting
Edit: #pregum_fox (the OP) added in the comments below that when they contacted Firebase Support directly, the team confirmed that all *.web.app and *.firebaseapp.com domains will resolve to the same IP address - which at the time of writing is 199.36.158.100, a Fastly edge server. Custom domains will use a different edge server identified in the Firebase Console.
Original content:
If it's not documented, it likely isn't - or at least, is not guaranteed to be.
The only time an IP address linked with your Firebase Hosting site should not change (without being advised), is when you've connected it to a custom domain. This is because the IP address you register as the A record for your custom domain must remain the same to work properly. If it changed often, using a custom DNS would be pointless.
I have some clients whose IP changes every day and static IP is not an option for them.
If I have them install a Dynamic DNS client, and then in my application .htaccess file refer to that Dynamic DNS domain, does that pose any security issue for my application?
So to summarize does using Dynamic DNS domains in my .htaccess files pose any security related threats to my application?
As far as I understand this, you want to add your clients IP addresses to the whitelist of your application and you want to switch to DynDNS because the IP addresses change every day.
So you want to assign each client a different domain and whitelist each of those domains, is that correct?
The obvious attack vector here would be hijacking a domain and pointing it to a malicous machine other than the clients machine using the DynDNS service.
If you manage to register the DynDNS client on the clients machine without exposing any login information regarding the domain that could be stolen or lost then this should be safe. But I currently do not see how you would be able to register the client for your domains DynDNS without having the credentials stored somewhere on this machine.
I have a hardcoded DDNS URL in an application that I can no longer modify the code for. It currently points to a server using its IP address and I'm trying to move over to Firebase.
My problem is that I need to update the DDNS URL with an IP address but I've only got a hosting URL like https://myapp-123q4.firebaseapp.com/.
My understanding is (from this Google Groups post) that because the entire system is shared, there are some specific IP addresses that can be used. Is there any way to access my own firebase hosting URL using an IP address?
(Pinging my firebase URL gave me the IP 151.101.1.195 which is one of the ones mentioned on the above linked post.)
You should not depend on direct IP addresses for accessing Firebase Hosting. There are simply not enough IPv4 addresses available for everyone to have exclusive access to one. You need to use the host name in the HTTP request so that the server can route the request to the correct content.
I am logging every user's IP when they access the company's page.
There are two ways to access the page from inside the local network:
http://company/webpage
and
https://webpage.company.com
What bugs me is that even when the users use the https global IP, their accesses are still recorded on database with their IP as 10.50.1.12 or 10.50.1.100.
Does that means that the browser or something else is redirecting the https://webpage.company.com to company/webpage? Or does that mean that I'm using a flawed method to log the users IP?
Another way to ask my question (just to make sure I'm being clear): if I'm accessing my Internet web page from inside the LAN network, am I effectively going outside my network and then back? If not, where am I going wrong with my logging?
Code used to log user's IP:
user.LastIP = HttpContext.Current.Request.UserHostAddress;
I'm curious about this because I want to make sure the users inside the company will access the page using exclusively the LAN Network. The goal is to save bandwidth usage, which is scarce.
Edit:
Pinging the https://webpage.company.com from inside the LAN network will result in a reply from a global IP address like 194.xxx.xxx.xxx. So I'm clearly getting the user's IP wrongly. What would be the ideal way of retrieving the IP from the page accessing entity?
Access to http://company/webpage will result in a DNS lookup of the host name "company". To resolve this, DNS will need a fully qualified domain name (fqdn), so it will add a top level domain (according to the configured search list in the client). In this example, it seems fair to assume that the fqdn will be "company.com". This, in turn, may very well resolve to the same IP address as the "webpage.company.com". You can check this by using dns lookup utilities like 'nslookup' and 'dig', or simply by using 'ping company' and 'ping webpage.company.com'.
The users IP addresses you mention, 10.50.1.12 and 10.50.1.100, seems to be the local IP addresses of the client hosts. I base this assumption on the fact that these IP addresses come from the RFC-1918 address range which is used for internal addresses. My guess is that these are the correct IP addresses, and that your logging works fine.
The users IP address you will log from accessing 'http://company/webpage' and 'https://webpage.company.com' should in most cases be the same. You can see it this way: it doesn't matter what the target URL is, traffic is still coming from the same host, the same IP address.
In any case, you most probably don't need to worry about any traffic leaving your local network.
I have multiple websites hosted on our server. When someone types the IP address in the address bar of the Browser It redirects to one of the websites hosted on the server. Is there any way by which I can set the default website which is opened when some one types the IP address. Same IP address is being shared by multiple websites.
1 IP address can only bind to 1 IIS Entry. So what you need to do is to pick the IIS entry you want, go the "Binding" section and bind your IP as the binding header.
ex: If your IP is 1.1.1.1 , then in binding header, you put 1.1.1.1, in IP address, you also choose 1.1.1.1.
After you setup this binding, you can browse to 1.1.1.1 and it'll open your site.
Remember to make sure all other sites doesn't have this binding. Otherwise, it'll have an conflict.
All you have to do is leave off the IP address and host name entries, and provided you have only a single website matching that, that site will become the 'default', while your other sites will have specific host name(s) they respond to.
I am not sure, but you may have to add a specific host in the C:\\Windows\System32\drivers\etc\hosts file, giving IP address and its corresponding address, this definitely works from logging into the website where it is hosted, i.e on the hosting server.
For logging from different IP machines, try the same logic - in this case make sure that the gateway is same for LAN.
Let's see what happens in this case ??