2 Replies. Latest reply: Aug 3, 2012 4:35 PM by Bobfinan - Oracle-Oracle

    How to forbid the client illegal ip?

    888815
      Hello everyone.
      I want to check whether the client's IP is legal when the client connects to the server.

      For example:
      The server only allows the client whose IP is "192.168.35.204" to access it. When a client connects to it, the server should first check whether the IP is "192.168.35.204" and, if not, shut down the connection.

      Now I only know one way. In the service, I call "tpcall(".TMIB", (char*)ibuf, 0, (char**)&ibuf, &len, 0)" to get the client's IP, and then check it.
      But when Tuxedo calls the service, the connection has been established and the data has been received. What I want is to check the client's IP before the data is received.

      Thanks.
        • 1. Re: How to forbid the client illegal ip?
          Todd Little-Oracle
          Hi,

          I don't believe there is any way to accomplish exactly what it is you are trying to do. But let me ask a few questions.

          1) What type of client is this? Workstation, Jolt, Web Services,...?

          2) Why are you trying to prevent an IP address or perhaps a better question is "What is an illegal IP"?

          3) Have you considered enabling Tuxedo security? This can ensure the client has the proper password(s) or certificate(s) before being able to access any Tuxedo servers.

          4) Are you willing or able to have your own certificate authority? You could enable 2 way SSL on the link and only allow certificates signed by your authority.

          If really all you want to do is block certain IP addresses, a firewall is probably a much easier solution.

          Regards,
          Todd Little
          Oracle Tuxedo Chief Architect
          • 2. Re: How to forbid the client illegal ip?
            Bobfinan - Oracle-Oracle
            Hello,
            In addition to Todd's security suggestion, if you enable/use authentication:
            http://docs.oracle.com/cd/E26665_01/tuxedo/docs11gr1/security/Secur.html
            http://docs.oracle.com/cd/E26665_01/tuxedo/docs11gr1/sec/secadm.html#wp1239885

            you may try customizing the AUTHSVR to get what you need. Take a look at adding your MIB
            code to the AUTHSVC in $TUXDIR/lib/AUTHSVR.c to create your own AUTHSVR/AUTHSVC (i.e., renamed, of course).
            Regards,
            Bob

            Edited by: Bob Finan on Aug 3, 2012 2:35 PM
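
The allowlist check discussed in this thread, as an added example that is not part of any post and is not Oracle's AUTHSVR.c code. It goes beyond the single address in the question by accepting CIDR ranges. The helper name client_ip_allowed and the 10.20.0.0/16 entry are assumptions made for illustration, and extracting the dotted-quad address from the .TMIB reply is not shown.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed allowlist: the host from the question plus a sample subnet. */
static const char *ALLOWED[] = { "192.168.35.204/32", "10.20.0.0/16" };

/* Parse "a.b.c.d[/len]" into host-order network and mask; 0 on success. */
static int parse_cidr(const char *cidr, uint32_t *net, uint32_t *mask)
{
    char buf[32], *slash, *end;
    struct in_addr a;
    long len = 32;
    if (strlen(cidr) >= sizeof buf) return -1;
    strcpy(buf, cidr);
    if ((slash = strchr(buf, '/')) != NULL) {
        *slash = '\0';
        len = strtol(slash + 1, &end, 10);
        if (end == slash + 1 || *end != '\0' || len < 0 || len > 32) return -1;
    }
    if (inet_pton(AF_INET, buf, &a) != 1) return -1;
    *mask = len == 0 ? 0 : 0xFFFFFFFFu << (32 - len);
    *net = ntohl(a.s_addr) & *mask;
    return 0;
}

/* Hypothetical helper: 1 only for a well-formed IPv4 address in an allowed range. */
int client_ip_allowed(const char *addr)
{
    struct in_addr a;
    uint32_t net, mask;
    size_t i;
    if (addr == NULL || inet_pton(AF_INET, addr, &a) != 1) return 0; /* fail closed */
    for (i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++) {
        if (parse_cidr(ALLOWED[i], &net, &mask) != 0) continue; /* ignore bad entry */
        if ((ntohl(a.s_addr) & mask) == net) return 1;
    }
    return 0;
}

int main(void)
{
    const char *samples[] = { "192.168.35.204", "192.168.35.205", "10.20.7.9", "bogus" };
    for (size_t i = 0; i < 4; i++)
        printf("%-16s %s\n", samples[i], client_ip_allowed(samples[i]) ? "allow" : "reject");
    return 0;
}
```

Anything that does not parse as a plain IPv4 address, including a value that still carries a port suffix, is rejected rather than matched loosely.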