Get specific about access from IPs
March 26, 2010
Tracy Johnson replies:
A simple logon UDC should suffice:
IF HPREMIPADDR = "aaa.bbb.ccc.ddd" then
  ECHO Welcome.
ELSE
  ECHO Evil message here.
  BYE
ENDIF
Bob Schlosser of the Support Group inc adds:
You can set up a logon UDC that checks that the var HPLOCIPADDR is equal to the device (PC) that you want them to use. Something like this:
LOGON
OPTION NOBREAK,LOGON
COMMENT Change "123.456.789.321" to your IP address.
IF "!HPLOCIPADDR" <> "123.456.789.321" THEN
  BYE
ENDIF
Using this we verify that the user is on the correct (assigned) IP address, and log them off if not.
Chris Bartram, who's created e-mail solutions for the 3000 and hosted Web servers since early in the 1990s, adds:
The following is an excerpt from system UDCs I use on my HP 3000s that might give you some ideas.
The "VALIDATEIPADDR" call in the UDC calls another command file that actually does a validation of the logging-on user based on data in a control file to determine if he/she is allowed to log onto the system from the specific host/IP address they are coming from.
The variables the UDC sets will work whether the logging-on user is coming in via Telnet or NSVT (or hardwired or modem).
The TELLOPs also leave a nice log on the system console (and log file) of the login, including where they came from and what protocol was used to access the system.
***
LOGON
OPTION LOGON,NOBREAK,NOHELP
comment Node name of the connecting host, when one is available.
setvar _network_node ''
if bound(hpstdin_network_node) then
  setvar _network_node '!hpstdin_network_node'
endif
comment Source address (_na) and access type (_at); the default is hardwired.
setvar _na ''
setvar _at 'HARDWIRED'
if bound(hpstdin_network_addr) then
  setvar _na '!hpstdin_network_addr'
elseif bound(hpremipaddr) then
  setvar _na '!hpremipaddr'
endif
comment A local port of 23 marks the session as Telnet.
if bound(hplocport) then
  if !hplocport=23 then
    setvar _at 'TELNET'
  endif
endif
IF BOUND(HPSTDIN_ACCESS_TYPE) THEN
  SETVAR _AT "!HPSTDIN_ACCESS_TYPE"
ENDIF
comment Transport type (_tp) and client vendor (_vnd) for the console log.
IF BOUND(HPSTDIN_TRANSPORT_TYPE) THEN
  SETVAR _TP "!HPSTDIN_TRANSPORT_TYPE"
ELSE
  IF "!_AT"="TELNET" THEN
    SETVAR _TP "TCP/IP"
  ELSE
    SETVAR _TP "SERIAL"
  ENDIF
ENDIF
IF BOUND(HPVT_CLIENT_VENDOR) THEN
  SETVAR _VND " (!HPVT_CLIENT_VENDOR)"
ELSE
  SETVAR _VND " "
ENDIF
comment Record the logon on the system console and in the log file.
TELLOP LOGON VIA !_AT USING !_TP !_VND
setvar _node ups(ltrim(rtrim("!_network_node")))
setvar _addr ups(ltrim(rtrim("!_na")))
if '!_node'<>'' then
  tellop !_at, IP: "!_addr" Node: "!_node"
else
  tellop !_at, IP: "!_addr"
endif
comment Clear CIERROR, then run the validation command file.
setjcw cierror=0
continue
VALIDATEIPADDR
comment If the validation step reported an error, end the session.
if !cierror<>0 then
  echo
  echo ************************************
  echo ** NODE/IP CONTROL FILE CORRUPT **
  echo ************************************
  echo
  bye
endif
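
The UDC above calls VALIDATEIPADDR, but the page does not show that command file. The following is an added example, not Chris Bartram's code and not MPE CI: a Python model of the check it is described as performing (is this user allowed from this host/IP, per a control file). The two-column control-file format and the names parse_control, logon_allowed and validate are assumptions made for illustration; an empty address stands for a hardwired session, matching the UDC's empty _na default.

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed sample. Assumed format: user.account pattern, then IP/CIDR or HARDWIRED.
SAMPLE_CONTROL = """\
MANAGER.SYS       192.0.2.10
@.PAYROLL         198.51.100.0/24
OPERATOR.SYS      HARDWIRED
"""

class ControlFileCorrupt(Exception):
    """A rule could not be parsed; the caller must refuse the logon."""

def parse_control(text):
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].upper().split()
        if not fields:
            continue  # blank line or comment
        if len(fields) != 2:
            raise ControlFileCorrupt(f"line {lineno}: expected 2 fields")
        pattern, source = fields
        if source != "HARDWIRED":
            try:
                source = ipaddress.ip_network(source)  # rejects host bits
            except ValueError as exc:
                raise ControlFileCorrupt(f"line {lineno}: {exc}") from None
        rules.append((pattern.replace("@", "*"), source))  # MPE @ wildcard
    return rules

def logon_allowed(rules, user, addr):
    """Default deny: a rule must match both the user and the source."""
    user, addr = user.strip().upper(), addr.strip()
    try:
        ip = ipaddress.ip_address(addr) if addr else None  # '' = hardwired
    except ValueError:
        return False
    for pattern, source in rules:
        source_ok = (ip is None if source == "HARDWIRED"
                     else ip is not None and ip in source)
        if source_ok and fnmatchcase(user, pattern):
            return True
    return False

def validate(control_text, user, addr):
    try:
        return logon_allowed(parse_control(control_text), user, addr)
    except ControlFileCorrupt:
        return False  # fail closed, as the UDC does with BYE
```

A single unparseable rule denies every logon rather than being skipped, which mirrors the UDC's behaviour of logging the user off when the validation step reports an error.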