Hi All,
This is my very first query, so be gentle!
We currently have a set up here (which I've inherited…isn't that the usual excuse 'it was like that before I started') where portions of our website are available to subscribers. Those users are a mixture of username/password users and IP restricted users. I'm fine when I've been given a single IP address, but how do you handle an IP range?
I'm sorry if this is the bleeding obvious…just want to make sure I do it right!
Thanks in advance for your help.
Ann
[quote]
Hi All,
This is my very first query, so be gentle!
We currently have a set up here (which I've inherited…isn't that the usual excuse 'it was like that before I started') where portions of our website are available to subscribers. Those users are a mixture of username/password users and IP restricted users. I'm fine when I've been given a single IP address, but how do you handle an IP range?
I'm sorry if this is the bleeding obvious…just want to make sure I do it right!
Thanks in advance for your help.
Ann
[/quote]
Hi Ann,
You can do that:
- create user group (I have IP_sec)
- put Public User in to this group
- in menu on Public User are Restrictions
- Add new condition: user IP condition
and now you can put IP ranges.
Next on asset which you'd like protect by IP in Read Permission remove
Public user and add created group.
This work for me.
Regards
Arek
P.S. Sorry about my English.
I'm confused as to how you actually add a range… it seems to be IP by IP rather than everything between x and y…
Though I can't even get the single IP address to work so… 
Hi Rachel,
That's kind of what I'm up against. I can get a single IP address in, but not a range…without entering every single address. I know I can upload a CSV file, but that would still entail creating a list for a range.
Thanks.
Ann
[quote]
I'm confused as to how you actually add a range… it seems to be IP by IP rather than everything between x and y…
Though I can't even get the single IP address to work so…
[/quote]
Hi Arek,
Thanks for your help.
That's the way I'm doing things right now - but I have to enter each IP address within the range singly - unless I'm missing something! I can't quite see how to do the range.
Thanks.
Ann
[quote]
Hi Ann,
You can do that:
- create user group (I have IP_sec)
- put Public User in to this group
- in menu on Public User are Restrictions
- Add new condition: user IP condition
and now you can put IP ranges.
Next on asset which you'd like protect by IP in Read Permission remove
Public user and add created group.
This work for me.
Regards
Arek
P.S. Sorry about my English.
[/quote]
You just need to enter 2 ip addresses to do a range. Enter the first, commit, then enter the end ip of the range.
We have used this in the past and it definitely works.
The User IP condition supports restricting by network range using the "Subnet mask" option. This generally allows you to whitelist connections from your own network, or from a certain other network, which will have a standard network range.
The default setting of "255.255.255.255" is the correct one for a single IP address, but for larger network ranges you would need to adjust this. As a basic example, if you want to whitelist all IPs starting with "192.168.0", then you would put "192.168.0.0" in the network address and "255.255.255.0" as the subnet mask. (Subnetting is a fairly advanced concept and is therefore an advanced option in Matrix; you may have to consult your network administrator for the correct settings for your situation.)
There is no way to restrict to an arbitrary range (say, 192.168.0.3 - 192.168.0.10), at least not in one line.