How to restrict URL for specific IP address
Application Type
Reactive

Hi,

Is it possible to access Outsystems Project URL for particular IP Address?   If YES then how?

I am asking for real project. 


For ex:  I want to access my project only on

Sample IP's:

204.208.107.22 &204.208.107.23

Thanks

Hi Shaun,

to check IP use this function:

https://www.outsystems.com/forums/discussion/63760/function-to-get-ip/

Than you can check on every page if the IP is on your permission list. If not you can deny access or redirect to another screen.

mvp_badge
MVP

Hello Shaun,

It's possible to validate the IPs of clients who are accessing your pages. You can use the GetIP action from the HTTPRequestHandler extension to do this:

But I would advise you to reconsider. IPs are rarely static, and even if they are, using them as a safety feature within applications is not considered a good practice.

This sort of access control is usually safeguarded by proxies or firewalls, a step below the application layer. Would you mind sharing your use case with us? Maybe other posters here could suggest other ways to implement this.

Hi Afonso,

Thanks for reply.

Our intention is if any unknown user tries to find any existing page from our dev and test environment then it should not be searchable in google. But this is not in our hand so if that page is found then it should not  accessible for that user. 

That's why we are thinking give access only to specific IP's. If any other approach please suggest. 

Thanks.


Hi Shaun,

am I understanding right that we are talking here about pages that have anonymous access ?  Might it be a solution to have a site property indicating whether anonymous access is allowed, and check against that property in your layout block.  

That way, you can set it to not allowed in the dev / test / acc environments and only people registered in those environments as users and logged in will be able to access the pages.  

For testing how it will function for anonymous users, you can temporarily allow anonymous access in any given environment and afterwards dissallow again.

Dorine

mvp_badge
MVP


Hi Shaun,

I think Dorine's solution would be more robust than direct IP checking if your pages have anonymous access - this way, you don't have to keep track of specific IPs to whitelist, while still blocking access to unknown users. 

If you also wish to prevent any sort of Google searching/indexing, they respect robots.txt or the noindex metatag, so that would also be something to consider.

Typically, most infrastructures will keep the Development and Test environment isolated from the public Internet, and only accessible from the outside network through a VPN. This would require someone with infrastructure access and knowledge to setup, but it would be considerably safer, and would not require you to develop towards these needs.


Yes,

exactly this.

What I was proposing would only be usefull on top of what Afonso is saying, if you want your production users in the local network to not accidentally stumble across unreleased /confusing features that are still under development.

Hello Shaun 

What Afonse has suggested is absolutely right. You can use the GetIP action to check IP. Because uou have to restrict all the pages of application not to be accessible from other IPs then 204.208.107.22 & 204.208.107.23 (Sample)

You can validate the IPin a common Block Area like Header and see if the IP is not same show 404. 


Hope this is clear :) 

Actually if you have a login page, you don't need to check on every screen.

If you apply this logic on your DoLogin action, you will get what you need:


Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.