It's all about the answers!

Ask a question

Is it possible to restrict access to some users coming from specific hosts using a IHS reverse proxy server?

Stephane Couillaud (15632344) | asked Mar 18 '16, 6:40 p.m.

The scenario is as follows:

We'd like for user "John" to have access to RTC from host "johnhost" only.   Any attempts to access RTC from other hosts should be denied for that specific user.

In a nutshell, I'm looking for a specific rule that says: Unless user "John" is coming from host "johnhost" then deny him access to RTC.

For instance, if user "Bob" were to let "John" open a browser session on his host "bobhost", IHS should deny "John" access to RTC.  The same would go for Visual Studio or Eclipse if these clients were to be available on host "bobhost"

Is that possible?  I know you can block a range of IP addresses but can it be specific to certain users only?

One answer

permanent link
Donald Nong (14.5k414) | answered Mar 20 '16, 8:32 p.m.
I really doubt that. IHS should know nothing about the HTTP content. Also, the username that you referred to is the Jazz username (I believe), which only becomes valid when a user successfully authenticates. This means that the user gets blocked _after_ he finishes authentication, which is a bit weird.

One of my clients is using Active Directory to control which machines from which the user can log on, with only partial success. This approach relies on where the authentication takes place. When you use a browser, the authentication actually takes place on the Jazz server, not the machine where the browser is running. So in case of a browser, it cannot be restricted.

You may use a firewall which should have more options than IHS in terms of blocking rules.

Your answer

Register or to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.