[THIN] Re: Applying Restrictions Via IP
- From: Jeff Pitsch <jepitsch@xxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Thu, 26 Jan 2006 08:41:42 -0500
IE, while it has zone control, is not really designed for what you want to
do. that's why firewall's and proxy's were invented ;)
the problem you have is that you can't make any exceptions based on client
IP because the client IP will always be the terminal server. You could, I
suppose, do some fancy scripting that populates the restricted sites
dynamically when a user logs in. Otherwise, group policy own't help you.
Your best bet would be the either the scripting solution or possibly a 3rd
party solution (not sure which though since everything depends on client
iP).
Jeff
On 1/26/06, BRUTON, Malcolm, FM <Malcolm.BRUTON@xxxxxxxx> wrote:
>
> Jeff
>
> I wish it was that simple. It's not about Web browsing. It's
> about retricting which sites they can access that are internal when the
> users are external.
>
> We want to share servers between internal and external users. We want the
> internal users to be able to access all sites includng our internal web
> based apps. When the same user is external say in a web cafe we do not want
> them to be able to access our internal web sites.
>
> We can't do it via group membership so we must do via IP....
>
> We curently split our servers so internal access is to one set and
> external is to another set with IE completly disabled.
>
> We could achive this by moving our servers into a DMZ and applting
> firewall restrictions but then we have to open up lots of ports in DMZ for
> Citrix server to work with our the management stuff. Less than ideal.
>
> Hoping we can use some form of IP restiction with IE blocking to achive
> this. Playing with PAC files but struggling.
>
> I get the feeling I am missing something really simple.....
>
> PS we are on XP FRE3 and hopefully moving to PS4 laster this year
>
> Malcolm
>
>
>
> -----Original Message-----
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Jeff Pitsch
> *Sent:* 25 January 2006 15:48
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] Re: Applying Restrictions Via IP
>
> Citrix policies can be applied by IP no problem.
>
> IE browsing would be best controlled through your firewall...hint hint
>
> Jeff Pitsch
>
>
> On 1/25/06, BRUTON, Malcolm, FM <Malcolm.BRUTON@xxxxxxxx> wrote:
> >
> > And I would like the same for something like IE. As in certain IP
> > addresses can browse but others can't....
> >
> > -----Original Message-----
> > *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> > Behalf Of *Russell Robertson
> > *Sent:* 25 January 2006 13:32
> > *To:* thin@xxxxxxxxxxxxx
> > *Subject:* [THIN] Applying Restrictions Via IP
> >
> >
> > I'd like to switch on client drive mapping but only for some of our
> > external users (using WI3.0/CSG2.0). The idea being that we trust some
> > external sites but not all (e.g., web café would not be trusted).
> >
> > We thought we could do this via IP address, has anyone done this sort of
> > thing before and could pass on advice?
> >
> > Thanks
> >
> > Russell
> > *Russell Robertson
> > Skibo Technologies
> > T: +44 (0)1224 355250
> > *
> >
> > *E: **russell.robertson@xxxxxxxxx* <russell.robertson@xxxxxxxxxx>*
> > W: **www.skibo.com* <http://www.skibo.com/>**
> >
> > *Microsoft Certified Partners
> > Citrix Solutions Advisers
> > Northern Business Star Awards Finalists 2005*
> >
> >
> >
> >
> > ***********************************************************************************
> > The Royal Bank of Scotland plc. Registered in Scotland No 90312.
> > Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB.
> > Authorized and regulated by the Financial Services Authority
> >
> > This e-mail message is confidential and for use by the
> > addressee only. If the message is received by anyone other
> > than the addressee, please return the message to the sender
> > by replying to it and then delete the message from your
> > computer. Internet e-mails are not necessarily secure. The
> > Royal Bank of Scotland plc does not accept responsibility for
> > changes made to this message after it was sent.
> >
> > Whilst all reasonable care has been taken to avoid the
> > transmission of viruses, it is the responsibility of the recipient to
> > ensure that the onward transmission, opening or use of this
> > message and any attachments will not adversely affect its
> > systems or data. No responsibility is accepted by The Royal
> > Bank of Scotland plc in this regard and the recipient should carry
> > out such virus and other checks as it considers appropriate.
> > Visit our websites at:
> > http://www.rbos.com
> > http://www.rbsmarkets.com
> >
> > ********************************************************************************
> >
>
>
Other related posts:
