One of our sites that we want to use google analytics on is hosted inside our network.
We would like to exclude the administrators own traffic from the reports, but I am wandering how analytics obtains the users IP address.
If it uses the address which the analytics script is requested from (the HTTP request for the js) then it will see one of our external ips and excluding that will get rid of all traffic.
If it obtains it in javascript once the ga.js is downloaded then it will see the internal 10.x.x.x addresses and filtering out the assigned addresses will have the desired result.
Essentially my question is, will filtering the internal address work or not.
I shall set up an experiment now, but obviously it will take 1 or 2 days before I can be sure about that outcome. If it doesn't work, then I will set custom vars and filter those instead
It will see the IP that requests the __utm.gif image, then the IP of your internet gateway(s)
You can define a filter to exclude each of your IPs, or your IP range
Related
I am trying to restrict access to my Google Maps API account by using IP Address to set up Key Restriction. Previously I have been able to set up Key Restriction using the HTTP Referrer, but I do not seem to be able to get the same config happening using IP Addresses. I have generated a new key to use with the IP Addresses (leaving the current using HTTP Referrer in play as it works).
As an example I can access the MAPS API from localhost/* but am unable to access it from 127.0.0.1 (using the new API key with AP Address key restrictions setup). My actual website is hosted on a shared sever and using the domain name (perfectpets.com.au) with the HTTP referrer restriction all is good, but if I use the new API key with IP address restriction I get the RefererNotAllowedMapError error.
Any tips on how to get this going would be greatly appreciated.
IP address restrictions only work for web services, not the Google Maps JavaScript API v3.
From the documentation
Once restricted, a key will only work on platforms that support that type of restriction.
IP addresses (individual servers) - for use with the web service APIs.
HTTP referrers (web sites) - for use with the Web APIs.
If you have a asp.net mvc project and you have the Google's tracking code and you want to use it for production phase and not for development phase.
What settings in Google analytics should it be? Should I apply my ip-number for internal or external traffic in filter?
What is the difference betwee n internal and external traffic from Google Analytics?
Thank you!
Google Analytics does not differentiate between "internal" and "external" traffic - these are labels commonly used in filters, but what they mean is up to you.
If you use a filter to exclude hits with your IP then the view will remove your own traffic.
If you use a filter to include hits with your IP then Google Analytics will delete all data except visits with that IP (so you want to be careful with include filters and always keep an unfiltered view).
If you use IP anonymization then filtering out a single IP will not work at all (since the last octet of an IP4 ip address will be set to "0"), you would have to exclude a whole block.
We've been working on a collaborative project using AWS and in particular SimpleDB. Lately, our SDB cost have been going through the roof and we're trying to figure out what's going on. Is there any way to find out which IP addresses connect to it?
EDIT: If we can't find out which IPs are accessing SDB to get data from it, is it at least possible to determine how much each of our SDB domains get queried in terms of number of queries to a domain and/or the total amount of data getting pulled from a domain?
AWS IAM allows you to put condition on user's IP address using AWS IAM AWS-Wide Policy Keys. Here is the link - For Managing Users for Amazon SimpleDB using AWS IAM.
Here is the example to allow requests only if they come from certain IP address or range. source
Allow requests only if they come from a certain IP address or range
This policy is for an IAM group that all users in a company belong to. The policy denies access to all actions in the account unless the request comes from the IP range 192.0.2.0 to 192.0.2.255 or 203.0.113.0 to 203.0.113.255. (The policy assumes the IP addresses for the company are within the specified ranges.) A typical use is for Amazon VPC, where you might expect all your users' requests to originate from a particular IP address, and so you want to deny requests from any other address.
{
"Version": "2012-10-17",
"Statement":[{
"Effect":"Deny",
"Action":"*",
"Resource":"*",
"Condition":{
"NotIpAddress":{
"aws:SourceIp":["192.0.2.0/24", "203.0.113.0/24"]
}
}
}
]
}
I have been asked to get details of every user that logs into our website. Is it possible to capture the IP address of every user that logs into our website from which I can gather details using IP lookup software.
It's already captured. Check out the web logs for whatever your webserver is.
In IIS, it's likely in C:\Windows\System32\LogFiles. Apache will normally be in /var/log.
You can tweak the specifics of what it captures, but by default IP address is always included.
Unless you are explicitly required to store the ip:s yourself, I recommend using Google Analytics, which will sort out unique/returning visitors, geographical locations and so on.
I have a web application that should behave differently for internal users than external ones. The web application is available over the Internet, and therefore obviously to the internal users as well.
All the users are anonymous, not authenticated, but the page should render differently for internal users than external. What I'm doing in my code is use Request.UserHostName and then Dns.GetHostEntry. The result is then compared to a setting in my web.config (that holds something like *.mydomain.local) . If the comparison gives a positive result then I render the HTML that the internal user should see otherwise I render the HTML the external user should see.
However, my problem is that I don't always get the expected value from Request.UserHostName. on the development site I get the IP-number (?) of the machine running the browser but on the customer site I don't get the IP-number of the user machine, I get some other IP-number. The browsers don't have any proxies set or anything like that.
Should I be using something else than Request.UserHostName?
I recommend using IP addresses as well. I'm dealing with this exact same situation setting up an authentication system right now as well and the conditions described by Epso and Robin M are exactly what is happening. External users coming to the site give me their actual IP address while all internal users provide the IP of the gateway machine(router) on to the private subnet the webservers sit on.
To deal with it I just check for that one IP. If I get the IP of the gateway, I provide the internal access. If I get anything else they get the external one which requires additional authentication in my case. In yours, it would just mean a different interface.
Try Request.UserHostAddress, which returns the client's IP address. Assuming your internal network uses IP addresses reserved for LANs, it should be relatively simple to check if an IP is internal or external.
There might be a firewall that is doing some sort of NAT, to enable inside clients to use the external dns-name to reach the server.
Is the IP-number you get on customer site the same at the external customer-server ip? In that case you can hard code for that one IP-address. All internal computers behind that firewall will appear to have to same ip-address and you can classify them as "internal".
It looks like you're being returned a public facing IP Address. Get the user to go to http://www.myipaddress.com . If this is the same as the IP Address returned to your software, then this is definitely the case.
The only solution I can see to get around this is to either get them to connect to the machine holding the asp.net application via a VPN, or to use some other kind of authentication. The latter is probably the best option.
It does sound like there is a proxy between users and the server on the customer site (it doesn't need to be configured in the browser). It may be an internal or external proxy depending on your network configuration.
I would avoid using the UserHostName for what is effectively authentication as it is presented by the browser duing the request and would be easy to spoof. IP address would be much more effective as it's difficult to spoof an IP address in a TCP/IP connection (and maintain a connection). It's still weak authentication but may be sufficient in this scenario.
Even if you are using IP address, if there's a NAT proxy between client and server, you may have to accept that anything coming through that proxy is trusted (I'm assuming that external/untrusted clients don't come through that proxy).
If that isn't acceptable, you're back to other methods of authentication. Rather than requiring a logon or VPN connection, you might consider a permanent cookie or client certificates and only give those to internal clients but you would need some way of delivering those to the client. You could certainly deliver a permanent cookie based on a one-time logon. Cookies can be spoofed in a similar way in that the UserHostName can be however you've got a better opportunity to create a cookie value that is less guessable than a domain name.