Top Posts Tagged with #ip restriction

Whitelist Incapsula IP addresses & Setting IP restriction rules

With Incapsula deployed on the edge of your network, and serving as a proxy for all incoming traffic, there should be absolutely no reason to accept traffic from anywhere but our network.

Whitelist Incapsula IPs

Please make sure that:

· Incapsula IPs are whitelisted in your web server firewall and in the firewall deployed in front of your web server.

· Server modules that enforce IP rate limiting are not set to Incapsula IPs.

Restrict access to non-Incapsula IPs

We recommend setting IP restriction rules to block all traffic from non-Incapsula IP addresses. Setting IP restrictions (i.e. using your firewall or iptables) will block all illegal requests that try to circumvent the Incapsula WAF.

Here is a list of IP address ranges that are used by Incapsula:

199.83.128.0/21

198.143.32.0/19

149.126.72.0/21

103.28.248.0/22

45.64.64.0/22

185.11.124.0/22

192.230.64.0/18

107.154.0.0/16

45.60.0.0/16

45.223.0.0/16

2a02:e980::/29

We have converted the above values to simple IP ranges for your convenience:

199.83.128.1 - 199.83.135.254

198.143.32.1 - 198.143.63.254

149.126.72.1 - 149.126.79.254

103.28.248.1 - 103.28.251.254

185.11.124.1 - 185.11.127.254

45.64.64.0 - 45.64.67.255

192.230.64.1 - 192.230.127.254

107.154.0.0 - 107.154.255.254

45.60.0.1 - 45.60.255.254

45.223.0.1 - 45.223.255.254

2a02:e980:0:0:0:0:0:0 - 2a02:e987:ffff:ffff:ffff:ffff:ffff:ffff

This list may change from time to time. We recommend that you subscribe to this item to receive notifications on any future updates. Important Notes:

- If you create such IP restrictions, make sure to back them up if you disable Incapsula on your site or revert your DNS to its original settings.

- Please pay attention to the /21 and /22 networks: For example, the proper range for 149.126.72.0/21 will be 149.126.72.0 - 149.126.79.254

These ranges can be retrieved via API using the following URL:

https://my.incapsula.com/api/integration/v1/ips with parameter resp_format

This will determine the format of the output from one of the following: json | apache | nginx | iptables | text

(for example: curl -k -s --data "resp_format=apache" https://my.incapsula.com/api/integration/v1/ips)

Apache (.htaccess):

order deny,allow

deny from all

allow from 199.83.128.0/21

allow from 198.143.32.0/19

allow from 149.126.72.0/21

allow from 103.28.248.0/22

allow from 185.11.124.0/22

allow from 45.64.64.0/22

allow from 192.230.64.0/18

allow from 107.154.0.0/16

allow from 45.60.0.0/16

allow from 45.223.0.0/16

allow from 2a02:e980::/29

http://support.incapsula.com/entries/20716913-setting-up-htaccess-restrictions

Nginx:

Nginx comes with a simple module called ngx_http_access_module to allow or deny access to IP address.

#incapsula #ip restriction #network #technology #software

•18+ Adults Only

Watch Anya Live on Cam

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.

✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality

Anya is LIVE right now

FREE

Free to watch • No registration required • HD streaming

Secure Financial Operations with ASP.NET

The objective of this article is to show how we can build a secure application for providing financial operations.

First we start with architecture development.

To make our application secure, we can use a three-layer architecture. It means that we split our application into three layers – database layer, business logic layer, and presentation layer. These layers are illustrated on Figure 1:

Why doing this? From the image we can see that only the presentation layer is available from the web, so we minimize risks that our application will be broken by hackers, because the business logic layer has no access to the web. We can also improve this scheme by adding IP restriction for incoming requests on BL Server. Communicating with the presentation layer by using web services also enables us to make our presentation independent from the platform, and in future we will be able to add easily, for example, a mobile agent that will use the existing web services for work. Separate DB was also used for the previous aims, and we can as well add IP restriction. So, if you implement this scheme, you will do a great job to improve the security of your application.

Figure 1: Three-layer architecture

Next step for improving security with SSL.

By default all requests use HTTP protocol, which is not secure. All traffic is sent by http as a clear text, so anyone can “listen” to your server and collect all the necessary information. To prevent this, we use SSL that encrypts the channel between the browser and the server. When you configure IIS, you can notice several settings for SSL:

Ignore client certificate;

Accept client certificate;

Require client certificate.

When you use “Ignore client certificate” setting, your channel will be secure, but anyone can send a request to the server. This mechanism is useful for login forms and other forms where users send secure information. If you choose to accept certificates, your server will ask for a certificate but will not necessarily deny access if the certificate is not provided. If you select “Require client certificates”, the user must supply a valid certificate or the user will receive an error message. By selecting the “Require” option we cover two security issues: only users with a valid client certificate can access the server, the connection is really encrypted; and you know who works with the server (because you can track logged users and their certificates). We also use this SSL type between our servers to protect channels between our applications.

And the last step is Logging.

You should log all important operations, such as authentication events, login attempt count, all operations for writing/editing the date, reading secure data, servers events, etc. If the log system is implemented correctly, it enables us to detect attacks, to diagnose errors and to recover from attacks. I also suggest implementation of a mechanism for hashing log entries, which prevents our system from changing logs.

In this article we have reviewed some mechanisms for designing a secure application. If you use this rules while developing your application, you will certainly increase security.

Industries and Technology Areas:

Industries: finance, banking, investment management, asset management

Technology Areas: software development, ASP.NET, SSL, three-layer architecture, https

Elinext Group

For more information, see our Projects

Join us on Facebook

Ireland Office Marina House, Adelphi Quay Waterford, Republic of Ireland Phone: +353 (51) 347 477

Belarus Development Center 155b Bogdanovich St. 220040 Minsk, Belarus Phone: +375 (17) 237 53 65

Vietnam Development Center 37A Phan Xich Long St. Ward 3, Phu Nhuan District Ho Chi Minh City, Vietnam Phone: +84 (8) 3995 6849

With over 15 years of experience and over 300 professionals on board worldwide,Elinext Group is a global supplier of IT solutions for various industries, including advertising, accounting, banking, education, finance, healthcare, hospitality, real estate, retail, tourism and others. Elinext companies specialize in custom software development, mobile development, web development, TV app development and game development.

#SSL #HTTPS #authorization #secure application #IP restriction #three-layer architecture #asp.net security #business logic layer .net