Removing restrictions within a ASP Script

So the person that scripted this ASP script, made it so that only certain ip address had access. what we need to do is open it so that everyone can access the database. How would I go about doing this? Do I need to open it up in the program that it was created or can I edit the code to remove the IP restriction?
7-11-2014-12-51-11-PM.png
Steve LizardiITAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
without seeing the code for the script, it's going to be impossible to help
0
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
You can grab the IP http://www.w3schools.com/asp/coll_servervariables.asp
REMOTE_ADDR or SERVER_NAME

The preferred way is

user_ip = Request.ServerVariables("remote_addr")

Open in new window


One way is to have an allowed list if IP's.  

authorized_ip = "no"
user_ip = Request.ServerVariables("remote_addr")
allowed_list = "1.1.1.1 ; 1.2.3.4 ; 1.3.1.2; "
if instr(allowed_list,user_ip)>0 then
    authorized_ip = "yes"
end if
if authorized_ip = "no" then
   response.redirect("/some_page.asp")
end if

Open in new window


OR

<%
authorized_ip = "no"
user_ip = Request.ServerVariables("remote_addr")
allowed_list = "1.1.1.1 ; 1.2.3.4 ; 1.3.1.2; "
if instr(allowed_list,user_ip)>0 then
    authorized_ip = "yes"
end if
%>
<div>stuff</div>
<%
if authorized_ip = "yes" then
%>
<div>private stuff</div>
<%
else
%>
<div>You can't do that here</div>
<%
end if
%>

Open in new window

Those are one of several options.  If you can show your code we can help you in more detail.
0
Steve LizardiITAuthor Commented:
here is the code. anyway to change it? I need to allow all of it.

Dim ipAddress As String = Request.ServerVariables("REMOTE_ADDR")  ' Variable to hold the IP address

            ' IF Statement accepts those IP address with permission
            ' ELSE rejects all the other IPs
            'If ipAddress = "10.10.15.65" Or ipAddress = "10.10.15.70" Or ipAddress = "127.0.0.1" _
            '   Or ipAddress = "10.10.15.66" Then

Open in new window

0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
everything is commented out so it's not blocking anyone from this code snippet (the apostrophe at the beginning of each line means its commented out).

are you sure there's nowhere else that could be doing it?
0
Steve LizardiITAuthor Commented:
I found some more let me see if it works now.
0
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
Regardless of how this is done.    This is a a better solution.  

Create a new file called authorize.asp and place it in the top level of your site.  
<%
authorized_ip = "no"

' ****** enter the list of ip's here separated by a space and any character and a space.  ********
allowed_list = "1.1.1.1 ; 1.2.3.4 ; 1.3.1.2; "

user_ip = Request.ServerVariables("remote_addr")
if instr(allowed_list,user_ip)>0 then
    authorized_ip = "yes"
end if
if authorized_ip = "no" then
   response.redirect("/index.asp")
end if
%>

Open in new window


Next in all of your pages towards the top add this code.  Do not add this to your index page (or it will loop and error)
<!-- #include virtual ="/authorize.asp" --> 

Open in new window


Now what will happen is on every page, if somebody is not in the correct ip, they will be redirected back.  The advantage of this method is if you want to later add an ip or remove it, you just update one file.

Even if you just add it to your main log in page, it keeps things nice and separated.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Steve LizardiITAuthor Commented:
I am testing now. So it will bypass whatever code that was included before?
0
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
if you want to open everything up you'll need to remove the code that was restricting everything by IP.

Scott's post was a suggestion on how to restrict by IP and not necessarily what you seem to want to do.
0
Steve LizardiITAuthor Commented:
I don't mind that if anyone can access it, but I don't want to mess with the code. Since the guy isn't here and we haven't been able to use it for the last year. We need to use it now. Any help would be great.
0
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
again, without seeing the code and how it works, it'll be difficult to tell you how to get it to work
0
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
Yea, my code is to prevent people from coming to your site.    Originally, I posted what to look for.

BigMonty pointed out that your code is commented out.  So that what you showed is not preventing anybody.

It is possible you have multiple areas that are looking for the ip.    What you want to look for is something like Request.ServerVariables("remote_addr")

You will see the If  / Then statements.  It is important to follow the flow.  In the code you posted
 ' IF Statement accepts those IP address with permission
            ' ELSE rejects all the other IPs
            'If ipAddress = "10.10.15.65" Or ipAddress = "10.10.15.70" Or ipAddress = "127.0.0.1" _
            '   Or ipAddress = "10.10.15.66" Then

Open in new window

Make sure you also comment out the corresponding else/end if and just leave the good

If something = good then
    do this good thing
    else
    reject
end if

Open in new window

should be similar to below. I like to add something to remind my quickly what I did.
' **remove line ** If something = good then
    do this good thing  ' this line is not commented out
' **remove line **    else
' **remove line **    reject
' **remove line ** end if

Open in new window

Sorry for the confusion. But you probably want to post your entire page for Big Monty to look at.  I'm out for a while.
0
Steve LizardiITAuthor Commented:
I will post tomorrow. Thanks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Development

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.