I have an asp.net mvc web application and should be filter request by ip of client web server ip(web server ip not client ip : many of client have a same web server ip), how can i do this?
Asked
Active
Viewed 68 times
0
-
_"client web server ip...not client ip"_ ...not sure what you really mean by this? Can you clarify? You mean requests to your API are coming from another application server? You can always get the IP address that made the request, the way of doing it is the same no matter whether the request came from a server or a desktop machine, it makes no difference. The answer to this is here already: https://stackoverflow.com/a/7348761/5947043 – ADyson Jun 27 '18 at 07:49
-
_"many of client have a same web server ip"_...or are you maybe talking about machines behind a NAT router which share the same public IP address? You really need to explain your problem in a bit more detail, I think. – ADyson Jun 27 '18 at 07:51
-
I Use UrlReferer Prop but this prop is null, then try this code string ip = Request.UserHostName; IPAddress remoteIP = IPAddress.Parse(ip); IPHostEntry GetIPHost = Dns.GetHostEntry(remoteIP); but this code return client ip address not client web server address ; – Yakamuz Jun 27 '18 at 08:01
-
what is the "client web server address" in your example, then? If it's not the IP address of the machine making the request, then what machine does it come from? Again, it's not clear what you actually mean by this. Give an example if it helps. – ADyson Jun 27 '18 at 08:06
-
Or try to find the correct terminology for the thing you are describing – ADyson Jun 27 '18 at 08:11
-
i want allow spec ip to access to my app for example my customer have an application that host on "10.100.32.16" and client that have ip like 10.100.23.25,10.100.23.16 and ... refer to this application and get a page for example "Px" and on submitting "Px" post data to my app "172.25.26.33") and my another customer have an app that host on ip "10.100.23.17", i want to allow all client of "10.100.32.16" that access my application and page and not allow to all client of "10.100.32.17" that access and browse my application and page. tnx – Yakamuz Jun 27 '18 at 08:27
-
All you know is the IP address the request to your server came from. That will be the IP address of the user's machine. You cannot be certain that the user visited another site before that, that's really none of your server's business. You could see if `HttpRequest.UrlReferrer` is populated...however a) it provides a URL not an IP address, and b) it sometimes isn't populated, it's up to the sender whether they do that, and c) anyway it is _very_ easy to fake it, so you can't take that as proof that the user is valid. – ADyson Jun 27 '18 at 08:43
-
But...filtering by IP address is often not reliable because user machines in particular change their IP addresses frequently (although if they're connecting via a NAT-ed corporate network the public IP may not change in fact, and that's the one you see. But still I wouldn't count on that - users can work from home, use VPNs, mobile phones etc and then their IP will be different). Realistically if you want to control who accesses your application, use some kind of proper credentials-based authentication or private SSL certificate or something. IP-based filtering is primitive and unreliable. – ADyson Jun 27 '18 at 08:43
-
Tanks for help me ADyson. – Yakamuz Jun 27 '18 at 09:37