OK, firstly bear in mind IP's can be spoofed If you need real security you'll need to think seriously about what you need to do, but if you want basic IP security this is an easy way
Have an IPLIST.CFM, like below creating a list of IP addresses <cfset iplist = "100.100.100.100,100.100.100.101> Have another page SECURE.CFM, getting the IP address using cgi.remote_host <!--- get the IP---> <cfset userip = cgi.remote_host> <!--- Include the IPLIST ---> <cfinclude template="iplist.cfm"> <!--- check if the IP is in the IPLIST list variable (defined in iplist.cfm)---> <cfif listfindnocase(iplist,userip) eq 0> <!--- not found, redirect them ---> <cflocation url="login.cfm"> </cfif> <!--- ip address found, let them continue ---> HTH Mark -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 03 October 2003 14:43 To: [EMAIL PROTECTED] Subject: RE: [ cf-dev ] IIS question er. yes thats the idea. User comes to page. If they are in acceptable ip range they get page if not they must login Thats what I want. Ideally done in IIS (but I don't think this can be done) or CFMX if all else fails I am not IIS techy enough to get this going. I am reading the CFMX manual on this one to see what I can do. Ideally I want to achieve this scenario. Users in schools on our own network will not need to login (acceptable IP Address) Users on the web will need to login (unacceptable IP Adress) Users on the web that use our portal (BGFL+) won't need to login as they already have to gain access to porta and we know who they are. This info then passed to login security for whatever application needs it. The advantage here is that once the user is authenticated to BGFL+ we can use one IIS account to send the username password info. Otherwise its create thousands (I mean thousands) of accounts .... :( Regards - Paul **************************************************************************** ********************* The information contained within this e-mail (and any attachment) sent by Birmingham City Council is confidential and may be legally privileged. It is intended only for the named recipient or entity to whom it is addressed. If you are not the intended recipient please accept our apologies and notify the sender immediately, or telephone +(44) 121 303 6666. Unauthorised access, use, disclosure, storage or copying is not permitted and may be unlawful. Any e-mail including its content may be monitored and used by Birmingham City Council for reasons of security and for monitoring internal compliance with the office policy on staff use. E-mail blocking software may also be used. Any views or opinions presented are solely those of the originator and do not necessarily represent those of Birmingham City Council. We cannot guarantee that this message or any attachment is virus free or has not been intercepted and amended. **************************************************************************** ********************* -- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED] -- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED]
