This discussion is archived
2 Replies Latest reply: Aug 3, 2012 2:35 PM by BobFinan - Oracle RSS

How to forbid the client illegal ip?

888815 Newbie
Currently Being Moderated
Hello everyone.
I want to check the client ip whether is legal when the client connects to the server.

For example:
The server only allows the client whose ip is "192.168.35.204" to access itself.When a client connects to it ,first, the server should be check whether the ip is "192.168.35.204", if not,shutdown the connection.

Now I only know one way.In the service,I call the " tpcall(".TMIB", (char*)ibuf, 0, (char**)&ibuf, &len, 0)" to get the client's ip, and then check it .
But When the tuxedo call the service, the connection has been established, and the data has recieved.What I want is checking the client's IP before data recieving.

Thanks.
  • 1. Re: How to forbid the client illegal ip?
    Todd Little Expert
    Currently Being Moderated
    Hi,

    I don't believe there is anyway to accomplish exactly what it is you are trying to do. But let me ask a few questions.

    1) What type of client is this? Workstation, Jolt, Web Services,...?

    2) Why are you trying to prevent an IP address or perhaps a better question is "What is an illegal IP"?

    3) Have you considered enabling Tuxedo security? This can ensure the client has the proper password(s) or certificate(s) before being able to access any Tuxedo servers.

    4) Are you are willing or able to have your own certificate authority? You could enable 2 way SSL on the link and only allow certificates signed by your authority.

    If really all you want to do is block certain IP address, a firewall is probably a much easier solution.

    Regards,
    Todd Little
    Oracle Tuxedo Chief Architect
  • 2. Re: How to forbid the client illegal ip?
    BobFinan - Oracle Journeyer
    Currently Being Moderated
    Hello,
    In addition to Todd's security suggestion, if you enable/use authentication:
    http://docs.oracle.com/cd/E26665_01/tuxedo/docs11gr1/security/Secur.html
    http://docs.oracle.com/cd/E26665_01/tuxedo/docs11gr1/sec/secadm.html#wp1239885

    you may try customizing the AUTHSVR to get what you need. Take a look at adding your MIB
    code to the AUTHSVC in $TUXDIR/lib/AUTHSVR.c to create your own AUTHSVR/AUTHSVC(i.e. renamed of course).
    Regards,
    Bob

    Edited by: Bob Finan on Aug 3, 2012 2:35 PM

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points