[THIN] Re: Applying Restrictions Via IP
- From: Jeff Pitsch <jepitsch@xxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Thu, 26 Jan 2006 09:09:26 -0500
what does it do and how does it work? Would you be able to only use it
based on client IP address so that it is situational as opposed to it's
either on or off?
Jeff
On 1/26/06, Guzzo, Mark A (Mark) <guzzo@xxxxxxxxxx> wrote:
>
> How about using the app ieblock? It was mentioned here some time ago and I
> used it with great success at my last job. You should be able to find it
> here:
>
> http://www.fgagne.com/arbo_ds.php?ModPath=Downloads&root_arbo=Downloads/Outils
>
> HTH...
>
> M a r k G u z z o
> Utility Infrastructure Services
> Citrix / VMware Administrator
> Lucent Technologies
> 2601 Lucent Ln, Lisle, IL 60532-3640
> RM:52N15
> W/F:630.979.9731
>
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
> Behalf Of Jeff Pitsch
> Sent: Thursday, January 26, 2006 7:42 AM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Applying Restrictions Via IP
>
> IE, while it has zone control, is not really designed for what you want to
> do. that's why firewall's and proxy's were invented ;)
>
> the problem you have is that you can't make any exceptions based on client
> IP because the client IP will always be the terminal server. You could, I
> suppose, do some fancy scripting that populates the restricted sites
> dynamically when a user logs in. Otherwise, group policy own't help
> you. Your best bet would be the either the scripting solution or possibly a
> 3rd party solution (not sure which though since everything depends on client
> iP).
>
> Jeff
>
>
> On 1/26/06, BRUTON, Malcolm, FM <Malcolm.BRUTON@xxxxxxxx> wrote:
>
> Jeff
>
> I wish it was that simple. It's not about Web browsing. It's
> about retricting which sites they can access that are internal when the
> users are external.
>
> We want to share servers between internal and external users. We
> want the internal users to be able to access all sites includng our internal
> web based apps. When the same user is external say in a web cafe we do not
> want them to be able to access our internal web sites.
>
> We can't do it via group membership so we must do via IP....
>
> We curently split our servers so internal access is to one set and
> external is to another set with IE completly disabled.
>
> We could achive this by moving our servers into a DMZ and applting
> firewall restrictions but then we have to open up lots of ports in DMZ for
> Citrix server to work with our the management stuff. Less than ideal.
>
> Hoping we can use some form of IP restiction with IE blocking to
> achive this. Playing with PAC files but struggling.
>
> I get the feeling I am missing something really simple.....
>
> PS we are on XP FRE3 and hopefully moving to PS4 laster this year
>
>
> Malcolm
>
>
>
>
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx <mailto:
> thin-bounce@xxxxxxxxxxxxx> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
> Of Jeff Pitsch
> Sent: 25 January 2006 15:48
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Applying Restrictions Via IP
>
>
> Citrix policies can be applied by IP no problem.
>
> IE browsing would be best controlled through your
> firewall...hint hint
>
> Jeff Pitsch
>
>
> On 1/25/06, BRUTON, Malcolm, FM <Malcolm.BRUTON@xxxxxxxx >
> wrote:
>
> And I would like the same for something like
> IE. As in certain IP addresses can browse but others can't....
>
>
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx <mailto:
> thin-bounce@xxxxxxxxxxxxx> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
> Of Russell Robertson
> Sent: 25 January 2006 13:32
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Applying Restrictions Via
> IP
>
>
>
>
> I'd like to switch on client drive mapping
> but only for some of our external users (using WI3.0/CSG2.0). The idea
> being that we trust some external sites but not all (e.g., web café would
> not be trusted).
>
> We thought we could do this via IP address,
> has anyone done this sort of thing before and could pass on advice?
>
> Thanks
>
> Russell
> Russell Robertson
> Skibo Technologies
> T: +44 (0)1224 355250
>
>
> E: russell.robertson@xxxxxxxxx <mailto:
> russell.robertson@xxxxxxxxxx>
> W: www.skibo.com <http://www.skibo.com/>
>
> Microsoft Certified Partners
> Citrix Solutions Advisers
> Northern Business Star Awards Finalists
> 2005
>
>
>
>
> ***********************************************************************************
> The Royal Bank of Scotland plc. Registered in
> Scotland No 90312. Registered Office: 36 St Andrew Square, Edinburgh EH2
> 2YB.
> Authorized and regulated by the Financial Services
> Authority
>
> This e-mail message is confidential and for use by
> the
> addressee only. If the message is received by
> anyone other
> than the addressee, please return the message to
> the sender
> by replying to it and then delete the message from
> your
> computer. Internet e-mails are not necessarily
> secure. The
> Royal Bank of Scotland plc does not accept
> responsibility for
> changes made to this message after it was sent.
>
> Whilst all reasonable care has been taken to avoid
> the
> transmission of viruses, it is the responsibility
> of the recipient to
> ensure that the onward transmission, opening or use
> of this
> message and any attachments will not adversely
> affect its
> systems or data. No responsibility is accepted by
> The Royal
> Bank of Scotland plc in this regard and the
> recipient should carry
> out such virus and other checks as it considers
> appropriate.
> Visit our websites at:
> http://www.rbos.com <http://www.rbos.com/>
> http://www.rbsmarkets.com <
> http://www.rbsmarkets.com/>
>
> ********************************************************************************
>
>
>
>
> ************************************************
> For Archives, RSS, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link:
> //www.freelists.org/list/thin
> ************************************************
>
Other related posts:
