Elsinore

User Forum

www.screenconnect.com
Is there a way to restrict the IP address?
HappyEdwards
#1 Posted : Sunday, November 27, 2011 9:44:31 PM
Rank: Newbie
Joined: 11/27/2011
Posts: 1
Location: Dublin
Is there a way to restrict the IP address range from which the technicians can access the server? I typically have a VPN established when remote, and I could easily dedicate my LAN and VPN ranges as the technician-allowed IP range.
bigdessert
#2 Posted : Sunday, November 27, 2011 10:34:21 PM
Rank: Advanced Member
Joined: 9/14/2010
Posts: 460
Location: Minnesota
Not in ScreenConnect, but you can in Windows Firewall.
Jake Morgan
#3 Posted : Monday, November 28, 2011 6:01:13 PM
Rank: Administration
Joined: 4/9/2010
Posts: 871
Create a directory called App_Code under your ScreenConnect install. Put this HTTP module in it called IPv4SecurityModule.cs:

Code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Configuration;
using System.Net;

public class IPv4SecurityModule : IHttpModule
{
    public void Init(HttpApplication context)
    {
        context.BeginRequest += delegate
        {
            var restrictIPs = ConfigurationManager.AppSettings["RestrictIPs"];

            if (restrictIPs != null)
            {
                var restrictIPsParts = restrictIPs.Split(new[] { ' ', ',', ';' }, StringSplitOptions.RemoveEmptyEntries);
                var restrictIPAddresses = new uint[restrictIPsParts.Length];
                var restrictIPShifts = new int[restrictIPsParts.Length];

                for (var i = 0; i < restrictIPsParts.Length; i++)
                {
                    var parts = restrictIPsParts[i].Split('/');
                    restrictIPAddresses[i] = this.GetIPInt(parts[0]);
                    restrictIPShifts[i] = (parts.Length > 1 ? 32 - int.Parse(parts[1]) : 0);
                }

                if (!this.IsAllowed(restrictIPAddresses, restrictIPShifts, context.Request.UserHostAddress))
                {
                    context.Response.StatusCode = 403;
                    context.Response.End();
                }
            }
        };
    }

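    bool IsAllowed(uint[] restrictIPAddresses, int[] restrictIPShifts, string userHostAddress)
    {
        IPAddress userHostIP;

        // Fail closed: a peer that is not a parsable IPv4 address (e.g. an IPv6 client) is denied
        if (!IPAddress.TryParse(userHostAddress, out userHostIP) || userHostIP.AddressFamily != System.Net.Sockets.AddressFamily.InterNetwork)
            return false;

        var userHostIPInt = this.GetIPInt(userHostAddress);

        for (var i = 0; i < restrictIPAddresses.Length; i++)
        {
            // Widen to ulong so a /0 entry (shift of 32) is not masked down to a shift of 0
            if ((ulong)userHostIPInt >> restrictIPShifts[i] == (ulong)restrictIPAddresses[i] >> restrictIPShifts[i])
                return true;
        }

        return false;
    }

    uint GetIPInt(string ipString)
    {
        var ip = IPAddress.Parse(ipString);
        var ipBytes = ip.GetAddressBytes();

        // Assemble in network (big-endian) order so the first octet ends up in the high bits
        // and a right shift drops host bits; BitConverter.ToUInt32 would use the machine's byte order
        return ((uint)ipBytes[0] << 24) | ((uint)ipBytes[1] << 16) | ((uint)ipBytes[2] << 8) | ipBytes[3];
    }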

    public void Dispose()
    {
    }
}


In your web.config you'll need to add it to the httpModules to activate it:

Code:
            <add name="CompressionModule" type="Elsinore.ScreenConnect.CompressionModule, Elsinore.ScreenConnect.Web" />
            <add name="IPv4SecurityModule" type="IPv4SecurityModule" />
        </httpModules>


Then for each area you want protected, add a location section to your web.config:

Code:
<configuration>
    <location path="Host.aspx">
        <appSettings>
            <add key="RestrictIPs" value="192.168.2.140/24"/>
        </appSettings>
    </location>
    <location path="Administration.aspx">
        <appSettings>
            <add key="RestrictIPs" value="192.168.2.0/24 192.168.2.140/32"/>
        </appSettings>
    </location>
    <system.web>


You'll need to use the IP address with slash notation. Multiple entries can be separated with a space.
Jake Morgan
#4 Posted : Thursday, February 02, 2012 3:37:11 PM
Rank: Administration
Joined: 4/9/2010
Posts: 871
To revise this a bit, the module IPSecurityModule is now built into our stuff, so you don't need to add the file, but you do need to configure it:

Code:
            <add name="CompressionModule" type="Elsinore.ScreenConnect.CompressionModule, Elsinore.ScreenConnect.Web" />
            <add name="IPSecurityModule" type="Elsinore.ScreenConnect.IPSecurityModule, Elsinore.ScreenConnect.Web" />
        </httpModules>



Then for each area you want protected, add a location section to your web.config:

Code:

<configuration>
    <location path="Host.aspx">
        <appSettings>
            <add key="RestrictToIPs" value="192.168.2.140/24"/>
        </appSettings>
    </location>
    <location path="Administration.aspx">
        <appSettings>
            <add key="RestrictToIPs" value="192.168.2.0/24 192.168.2.140/32"/>
        </appSettings>
    </location>
    <system.web>
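
Added example, not part of the thread and not ScreenConnect's own code: a Python audit of the location sections above that lists the networks each RestrictToIPs value actually admits and flags entries such as 192.168.2.140/24, whose host bits are ignored. It assumes the built-in module matches on the network prefix the way the IPv4SecurityModule posted in #3 does; `audit_restrictions`, `is_allowed` and `SAMPLE_WEB_CONFIG` are names made up for this example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the two location sections from the thread, made well-formed.
SAMPLE_WEB_CONFIG = """<configuration>
  <location path="Host.aspx">
    <appSettings><add key="RestrictToIPs" value="192.168.2.140/24"/></appSettings>
  </location>
  <location path="Administration.aspx">
    <appSettings><add key="RestrictToIPs" value="192.168.2.0/24 192.168.2.140/32"/></appSettings>
  </location>
</configuration>"""


def audit_restrictions(config_xml, key="RestrictToIPs"):
    """Map each restricted location path to its effective networks and warnings."""
    report = {}
    for location in ET.fromstring(config_xml).iter("location"):
        for add in location.iter("add"):
            if add.get("key") != key:
                continue
            networks, warnings = [], []
            # Split on the separators the posted module accepts: space, comma, semicolon.
            for entry in add.get("value", "").replace(",", " ").replace(";", " ").split():
                iface = ipaddress.IPv4Interface(entry)  # raises ValueError on a bad entry
                net = iface.network
                if iface.ip != net.network_address:
                    warnings.append(f"{entry}: host bits are ignored, admits all of {net}")
                if net.prefixlen == 0:
                    warnings.append(f"{entry}: /0 admits every IPv4 client")
                if any(net.subnet_of(seen) for seen in networks):
                    warnings.append(f"{entry}: already covered by an earlier entry")
                networks.append(net)
            report[location.get("path")] = {"networks": networks, "warnings": warnings}
    return report


def is_allowed(report, path, client_ip):
    """Decide as a prefix-match allowlist would; a path with no entry is unrestricted."""
    if path not in report:
        return True
    try:
        client = ipaddress.IPv4Address(client_ip)
    except ValueError:
        return False  # fail closed on IPv6 or unparsable peers
    return any(client in net for net in report[path]["networks"])


if __name__ == "__main__":
    for path, result in audit_restrictions(SAMPLE_WEB_CONFIG).items():
        print(path, [str(n) for n in result["networks"]], result["warnings"])
```

Run against a real web.config by passing its contents to `audit_restrictions`; any page without its own location section shows up as unrestricted in `is_allowed`.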