How do I block access to an application from the user’s IP?

Asked

Viewed 578 times

1

How do I block access to a web java application by the user’s IP.

The application will be hosted outside the company environment, but need that by certain profile can be accessed from outside.

I have in the user register the profile of each and I thought that when trying to log in I can somehow validate whether it is within the company or not.

How to do?

  • Maybe you need to see a little more about networks, if your company uses the internet or an intranet ( where you could have a mapping of all "static" Ips) or create a table or an xml with the Ips you can access. Well there you have to see the best way.

2 answers

1


You can take the user’s IP like this:

HttpServletRequest request = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
String ipAddress = request.getHeader("X-FORWARDED-FOR");

And in your user registration/privileges, enter an option to Acesso Externo.

When logging in, you compare whether the user’s IP is in the company’s predefined IP range (if it has a fixed IP), if the condition is false, check whether it has external access.

0

First of all you have to make sure that the registered user with permission to access from abroad uses a static ip (otherwise you can use software to help at that point).

One of the alternatives using . htaccess:

ErrorDocument 403 /specific_page.html
Order Allow,Deny
Allow from 111.222.333.444
  • The problem is that this way I block all access, but I need some users to be able to access the application externally.

  • No allow defines the ips that allows you to access

  • I understood, the problem is that only some users will have external access and I have no way of knowing which IP to use. Within the company there is a specific IP range and I think I will have to limit this way, IE, if you are outside the company IP, only managers can access. Employees do not.

  • I understand, the problem is that only some users will have External access and have no way of Knowing which IP will use. Within the company there is a specific range of IP and I think we have to limit this way, ie if you are Outside the company’s IP, only managers can access. Employees do not.

  • So how do you want to validate whether the ip is authorized or not? To be able to do this you have to know beforehand the ip assigned to the user (Static IP)

  • I believe the company has an IP range. So it is possible to do so having the range of Ips, right?

  • By the range of ips it is possible, because it ends up knowing which ones are inside that range. But it can also mean that not everyone who belongs to a range of ips will have access from outside

  • How else do you identify your company’s users? So I figured you were talking about external ips!

Show 3 more comments

Browser other questions tagged

You are not signed in. Login or sign up in order to post.