Re: Denying access by IP address

This WebDNA talk-list message is from 2000. It keeps the original formatting.
Associated Messages, from the most recent to the oldest:

    
  1. Re: Denying access by IP address (Kenneth Grome 2000)
  2. Re: Denying access by IP address (Dale Therio 2000)
  3. Re: Denying access by IP address (Kenneth Grome 2000)
  4. Re: Denying access by IP address (Kenneth Grome 2000)
  5. Re: Denying access by IP address (Mike Davis 2000)
  6. Re: Denying access by IP address (WebDNA Support 2000)
  7. Re: Denying access by IP address (WebDNA Support 2000)
  8. Re: Denying access by IP address (Scott Nelsen 2000)
  9. Re: Denying access by IP address (Bob Minor 2000)
  10. Re: Denying access by IP address (Scott Nelsen 2000)
  11. Re: Denying access by IP address (Mike Davis 2000)
  12. Re: Denying access by IP address (Peter Ostry 2000)
  13. Re: Denying access by IP address (JHowarth@smithmicro.com 2000)
  14. Denying access by IP address (Scott Nelsen 2000)
on 2/23/2000 3:44 PM, Scott Nelsen at scott@nelsen.net wrote:

> I am denying people access to our website based on their IP address. Right now I have
> the following programming entered to block out an entire class C address - obviously
> the x's represent an IP address - I wanted to keep that confidential.
>
> ----------
>
> [ShowIf [ipaddress]^xxx.xxx.xxx]
>
> SIZE=+2>You have been denied access to this site!
>
> [/ShowIf]
>
> [hideif [ipaddress]^xxx.xxx.xxx]
>
> <---homepage here but not shown to save space--->
>
> [/hideif]
>
> --------------
>
> What I want to know is how I can indicate a complete and separate Class C (or for that
> matter, class B) without doing multiple [showif]s and [hideif]s.
>
> (I know there is probably a better way to do this - we are looking into that but for
> right now I need to deny access until we can get the programming done.)
>
> Thanks,
>
> Scott

Scott,

Don't want to burst your bubble, but there is a security problem with your solution. You should use some other method to block IP addresses such as any built in to your web server.

The problem is, and this has been brought to the attention of SM already, session values such as ipaddress and referrer that *should not* be editable, can be overridden by adding formvariables with the same name.

Try this on for size...

http://www.yourserver.com/protectedfile.tpl?ipaddress=206.251.067.003&referrer=http://gonzo.ofthedayclub.com/

Someone in your unwanted class C could override the [ipaddress] value and get in.

Mike

Mike Davis
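An added example, not part of the original message and not WebDNA's own code: a Python model of the name shadowing described in the reply, next to a lookup that reads the address only from the connection, with one block-list check that covers several class C (/24) and class B (/16) ranges. All function names, addresses and networks here are constructed for illustration.

```python
import ipaddress

# Constructed block list: two "class C" (/24) ranges and one "class B" (/16).
BLOCKED = [ipaddress.ip_network(n) for n in
           ("192.0.2.0/24", "198.51.100.0/24", "10.20.0.0/16")]

def resolve_shadowed(name, server_vars, form_vars):
    """Lookup as described in the reply: a form variable with the same
    name wins over the value the server recorded for the connection."""
    return form_vars.get(name, server_vars[name])

def resolve_trusted(name, server_vars, form_vars):
    """Hardened lookup: connection-derived values are read only from the
    server's own record; request parameters can never replace them."""
    return server_vars[name]

def is_blocked(addr):
    """One membership test covers every listed network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True  # fail closed on anything that is not a valid address
    return any(ip in net for net in BLOCKED)

def access_decision(resolver, server_vars, form_vars):
    """Return 'deny' or 'allow' using the given variable resolver."""
    addr = resolver("ipaddress", server_vars, form_vars)
    return "deny" if is_blocked(addr) else "allow"

# Constructed request: a client inside a blocked /24 sends its own
# ipaddress parameter in the query string.
SERVER_VARS = {"ipaddress": "192.0.2.77"}   # recorded from the TCP connection
FORM_VARS = {"ipaddress": "203.0.113.9"}    # supplied in the query string

if __name__ == "__main__":
    print("shadowed lookup:",
          access_decision(resolve_shadowed, SERVER_VARS, FORM_VARS))
    print("trusted lookup: ",
          access_decision(resolve_trusted, SERVER_VARS, FORM_VARS))
```

The same separation applies to any value the server derives itself (referrer, authenticated user): keep it in a namespace that request parameters cannot write to, or enforce the block at the web server before the template runs.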
