IP Authentication

Introduction

The "AuthenticateIPOnly" mode of mgiAuthenticateDB allows you to grant access to pages based on the visitor's IP number or range. You may also block access to a page based on the visitor's IP number or range.

If the visitor accesses a protected page from an allowed IP, the page displays. If the visitor accesses the page from an IP that is specifically denied an error displays. If the allowedIP parameter is not included, the page displays for visitors from IP addresses that are not specifically denied. If the deniedIP parameter is not included, an error displays for visitors from IP addresses that are not specifically allowed.

The following is a generic example of IP authentication of a page.

MGI Tags

Steps

  1. Open the page to protect in a text editor.
  2. Insert the mgiAuthenticateDB tag in AuthenticateIPOnly mode.
  3. Save the page.
  4. FTP the page to the web server running MGI.
  5. View the page in a browser.


Step 1: Open the page to protect in a text editor.

Open the page you wish to protect via IP number or hostname in a text editing program that allows you to view and modify the HTML and code of the page.

Step 2: Insert the mgiAuthenticateDB tag in AuthenticateIPOnly mode.

At the top of the page, enter the mgiAuthenticateDB tag, mode parameter, allowedIP parameters, and deniedIP parameters.
 
In the mode parameter, enter "AuthenticateIPOnly". At least one allowedIP or deniedIP parameter is required. To allow a specific IP or range of IPs, enter the IP in an allowedIP parameter. To deny a specific IP or range of IPs, enter the IP in a deniedIP parameter. You may use the asterisk (*) as a wildcard in any part of the IP number to represent the full range of an IP block. For example, if you want to allow all visitors from the "205.160.14" Class C block to access a page, you would enter "205.160.14.*" as the parameter value. You may also use multiple allowedIP and deniedIP parameters in one mgiAuthenticateDB tag to create any combination of allowed and denied IPs you prefer.
 
Should an IP number fall within more than one allowedIP or deniedIP parameters, the most restrictive parameter will execute. For example, if you have an allowedIP for "205.160.14.*" and a deniedIP for "205.160.14.230", then a visitor from "205.160.14.230" will be denied.
 
The following example allows all users from the "205.145.26.*" Class C block and the "206.125.12.*" Class C block and denies access to the users "205.145.26.15" and "206.125.12.145".
<mgiAuthenticateDB mode="AuthenticateIPOnly" 
allowedIP="205.145.26.*" allowedIP="206.125.12.*" 
deniedIP="205.145.26.15" deniedIP="206.125.12.145">

Step 3: Save the page.

Save the changes you have made to the page.

Step 4: FTP the page to the web server running MGI.

Upload the page from your local computer to the web server using an FTP program.

Step 5: View the page in a browser.

Access the IP authenticated page in a web browser. If your IP address matches an allowed IP address or range and does not match a denied IP address or range, the page displays. If your IP address does not match an allowed IP address or range or does match a denied IP address or range, an error displays.


[Return to the Authentication Menu]


[Understanding MGI Menu] [Using MGI Menu] [Referencing MGI Menu]


[MGI Guides Main Menu] [User Guide Main Menu]