New post
Question
· Sep 3, 2020

access the ip address of a machine that run my URL in python

#Python #InterSystems IRIS

i want to restrict certain IPs (ip for now and looking for more such parameters) from running my URL for security purposes...

i wanted to know how to access their ips and compare them with the list of restricted IPs, also if not IPs are there any other unique browser parameters which can be used for access control? and enhance security

Discussion (2)2
Log in or sign up to continue
Robert Cemper · Sep 3, 2020

The Native API connects to IRIS by starting a background JOB
In namespace %SYS you can have access to every fresh started  job.
The routine name is %ZSTART.mac.
You have to create it if not existing yet or to adapt it.
My example is just reduced to your case.
Writing a log in global ^%CHECK is just for testing.
I used Native API and also Studio for testing.

%ZSTART ; User startup routine.
#; cannot be invoked directly
    quit SYSTEM ;
#; InterSystems IRIS starting
    quit
JOB ;
#; JOB'd process begins
    new ipaddr,halt
    set ipaddr=$system.Process.ClientIPAddress()
    set halt=(ipaddr="172.17.0.2")
    set ^%CHECK($I(^%CHECK))=$lb(halt,$job,$ZDT($zts,3,,3),ipaddr,$znspace,$io)
#; add here all checking for allowed IP Address
#; halt if access is not allowed
    if halt halt
    quit
CALLIN ;
#; connect over CALLIN
    quit
LOGIN ;
    quit

This is a test result with Studio and 2 Native API. One  blocked and the other allowed.

^%CHECK=5
^%CHECK(1)=$lb(0,"15044","2020-09-03 16:22:54.667","192.168.0.9","USER","|TRM|:|15044")
^%CHECK(2)=$lb(0,"17100","2020-09-03 16:23:41.247","192.168.0.9","%SYS","|TCP|51773|17100")
^%CHECK(3)=$lb(0,"9880","2020-09-03 16:24:20.612","192.168.0.9","%SYS","|TCP|51773|9880")
^%CHECK(4)=$lb(1,"19544","2020-09-03 16:24:41.925","172.17.0.2","%SYS","|TCP|51773|19544")
^%CHECK(5)=$lb(0,"3268","2020-09-03 16:25:27.691","172.17.0.3","%SYS","|TCP|51773|3268") 
2 0
Patrick Jamieson · Sep 3, 2020

This may be overkill for your application, but managing access control is a perfect match for the capabilities of InterSystems API manager. There you can filter access by IP addresses, users, and groups. IAM provides a rich set of plugins for creating a security framework and much more. Check out this documentation: if you are interested: https://docs.intersystems.com/irisforhealth20202/csp/docbook/DocBook.UI....

0 0