We would like to exclude dev, localhost and QA site on Google G4 which are using the same G4 Id. I was using the universal analytics with excluding host name. However, google G4 is showing to exclude sites with IP addresses. I would like to exclude it with hostname on google G4 as development or QA situs testing on multiple systems and we need to provide many IPs there. With hostname it will solve my issue.
I have tried by creating rules and based on rules I created internal traffic rules. But its showing with IP address to exclude sites. We need to exclude sites with host name just like universal analytics.
Related
How can I allow Google Cloud Build through GitHub Enterprise's IP allow list restriction?
I have already added all 80 IP ranges for the region of the Cloud Build I am using and that did not seem to work.
I am new to Cloud Foundry.
Is there any way that only specific users can view and update an app deployed in Cloud Foundry?
1.I deployed an app in Cloud Foundry using “cf push”command.
2.After entering “cf push “command I’ve got an message below.
Using manifest file /home/stevemar/node-hello-world/manifest.yml
enter Creating app node-hello-world-example...
name: node-hello-world-example
requested state: started
routes: {route-information}
last uploaded: Mon 14 Sep 13:46:54 UTC 2020
stack: cflinuxfs3
buildpacks: sdk-for-nodejs
type: web
instances: 1/1
memory usage: 256M
3.Using the {route-information} above,I can see the app deployed via browser entering below URL.
https://{route-information}
By this way ,anyone can see app from browser, but I don’t want that to be seen by everyone and limit access to specific user.
I heard that this global IP will be allocated to {route-information} by default.
Is there any way to limit access to only between specific users?
(For example,is there any function like “private registry” at Kubernetes in Cloud Foundry which is not open to public)
Since I am using Cloud Foundry in IBM Cloud it would be better if there is solution using IBM Cloud.
I’ve already granted cloud foundry role to the other user.
Thank you.
The CloudFoundry platform itself does not provide any access controls for applications. If you assign a public route to your application, where the DNS is publicly resolvable and the foundation is on the public Internet, like IBM Bluemix, then anyone can access your app.
There's a number of things you can do to limit access, but they do require some work on your part.
Use a private DNS. You can add any domain you want to Cloud Foundry, even ones that don't resolve. That means you could add my-cool-domain.local which does not resolve anywhere. You could then add a record to /etc/hosts for this domain or perhaps run DNS on your local network to resolve this DNS domain and direct traffic to the CloudFoundry.
With this setup, most people cannot access your application because the DNS domain for the route to your application does not resolve anywhere. It's important to understand that this isn't really security, but obscurity. It would stop most traffic from making it to your app, but if someone knew the domain, they could add their own /etc/hosts header or send fake Host headers to access your application.
This type of setup can work well if you have light security requirements like you just want to hide something while you work on it, or it can work well paired with other options below.
You can set up access controls in your application. Many application servers & frameworks can do things like restrict access by IP address or require user access (Basic auth is easy and it is OK, if you're only allowing HTTPS traffic to your app which you should always do anyway).
You can use OAuth2 to secure apps too. Again, many app servers & frameworks have support for this and make it relatively simple to secure your apps. If you don't have a corporate OAuth2 solution, there are public providers you can use. Exactly how you do OAuth2 in your app is beyond the scope of this question, but there's plenty of material out there on how to do this. Google information for your application language/framework of choice.
You could set up an access Gateway. This would be an application that's job is to proxy traffic to other applications on the foundation. The Gateway could be something like Nginx, Apache HTTPD, or Spring Cloud Gateway. The idea is that the gateway would be publicly accessible, and would almost certainly apply access controls/restrictions (see #2, many of these proxies have access control options that only take a few lines of config). Your actual applications would not be deployed publicly though. When you deploy your actual applications, they would only be on the internal Cloud Foundry domain.
CloudFoundry has local domains, often apps.internal (run cf domains to see if that shows up), which you can use to easily route traffic across the internal container-to-container network. Using this domain and the C2C network, you can have apps deployed to CF that are not accessible to the public Internet, except through your Gateway.
Again, how you configure this exactly is outside the scope of this question, but check out the docs I linked to for info on using the C2C network & internal routes. Then check out your proxy server of choice's documentation.
I have been trying to login into azure but I keep getting a "This page can't be reached" error. Same thing when I go to other Microsoft Accounts. Anyone else facing this issue or it's just me?
Please check with the following things:
Try the login to Azure DevOps on different machines, and with different networks.
You also can check if you are able to access the web sites of other services, such as GitHub, Bitbucket, etc..
If you are able to access the services on some other machines or networks but not on your machine, go to check whether there is any restriction for IP addresses and domain URLs has been set in the firewall or proxy server on the machine. If yes, you need to add the IP addresses and domain URLs of Azure service to the Allow list. For more details, you can see "Allowed address lists and network connections".
I can log into the Portal using its host name, but not url. Why?
Example:
https://developer.think.ibm/ works
https://192.168.225.20/ returns a 403 and 'nginx'
My 'on-premises' cloud consists of 4 vms that were provided in a workshop in IBM South Bank in June 2016. I am in the process of refreshing my APIC skills and extending them. Rather than use the Ubuntu vm where the Toolkit is installed, I have been using it in Windows 10, and accessing the APIM and CMC from Firefox and Chrome in Windows, using the ip address of the vm.
I have come to the conclusion that there must be a config value in the CMC or Portal, that forces Portal to only accepts urls containing 'developer.think.ibm'. Using the ip-address, also fails from Firefox in Ubuntu. In Windows, I added 'developer.think.ibm' to my hosts file and now I can access the Portal. Using vmware's NAT port forwarding 'localhost:4443', returns a 404.
It seems to me that inital access to the Portal, by its nature, should be easy, as this is the whole point of having an API manager.
Regards, John
Your Portal Server hosts multiple Portal sites (each Catalog has its own Portal site). The IP address of the server doesn't identify a site so you need to use the site's url (which is configured as part of the catalog configuration in API Manager). URLs for different sites may have different virtual hosts, or differ only in their paths.
I have two hosting accounts (Personal one and a work one). I am doing some testing and would like to create a subdomain of a work domain (manage.domain.com) and host it on my personal account. Currently, my personal host is through 1and1 and is dedicated while the work one is shared with GoDaddy.
Work
I have gone into go daddy and created the subdomain. I have also added DNS records such as A, AAAA AND NS (i did not record a CNAME). I have noticed that if is type manage.domain.com it is redirecting to my personal server. However, it is directing to the blank admin page of the root of the server (which is maintained using Plesk).
Personal
Using Plesk I added the website (domain.com) and created the subdomain (manage.domain.com). I have also updated the websites hosting access using Plesk and assigned it the default values of my personal account. Using Plesk I also set the subdomain to the particular location of the files I want to test. However, I cannot get my server to recognize the address and redirect it to the proper location.
Any help is greatly appreciated!
J
You can just create:
in personal account domain(not subdomain) manage.domain.com
on domain.com add DNS record of type A, name "manage" and IP address of personal hosting:
After that "manage.domain.com" will resolving to hosting of your personal account and can be accessed because such domain exists.
I figured it out
What i did above was correct expect do not change the name servers on the work DNS(godaddy).
Add the website to plesk - it will give you an error about not being able to control the DNS settings which you have already adjusted on the original server (godaddy)
Add a subdomain of the website.
*** Ensure the subdomain is pointed to the correct folder within your server
Done