[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Removing restrictions within a ASP Script

Posted on 2014-07-11
14
Medium Priority
?
144 Views
Last Modified: 2014-12-20
So the person that scripted this ASP script, made it so that only certain ip address had access. what we need to do is open it so that everyone can access the database. How would I go about doing this? Do I need to open it up in the program that it was created or can I edit the code to remove the IP restriction?
7-11-2014-12-51-11-PM.png
0
Comment
Question by:Steve Lizardi
  • 5
  • 4
  • 3
12 Comments
 
LVL 34

Expert Comment

by:Big Monty
ID: 40191063
without seeing the code for the script, it's going to be impossible to help
0
 
LVL 54

Expert Comment

by:Scott Fell, EE MVE
ID: 40191076
You can grab the IP http://www.w3schools.com/asp/coll_servervariables.asp
REMOTE_ADDR or SERVER_NAME

The preferred way is

user_ip = Request.ServerVariables("remote_addr")

Open in new window


One way is to have an allowed list if IP's.  

authorized_ip = "no"
user_ip = Request.ServerVariables("remote_addr")
allowed_list = "1.1.1.1 ; 1.2.3.4 ; 1.3.1.2; "
if instr(allowed_list,user_ip)>0 then
    authorized_ip = "yes"
end if
if authorized_ip = "no" then
   response.redirect("/some_page.asp")
end if

Open in new window


OR

<%
authorized_ip = "no"
user_ip = Request.ServerVariables("remote_addr")
allowed_list = "1.1.1.1 ; 1.2.3.4 ; 1.3.1.2; "
if instr(allowed_list,user_ip)>0 then
    authorized_ip = "yes"
end if
%>
<div>stuff</div>
<%
if authorized_ip = "yes" then
%>
<div>private stuff</div>
<%
else
%>
<div>You can't do that here</div>
<%
end if
%>

Open in new window

Those are one of several options.  If you can show your code we can help you in more detail.
0
 

Author Comment

by:Steve Lizardi
ID: 40191119
here is the code. anyway to change it? I need to allow all of it.

Dim ipAddress As String = Request.ServerVariables("REMOTE_ADDR")  ' Variable to hold the IP address

            ' IF Statement accepts those IP address with permission
            ' ELSE rejects all the other IPs
            'If ipAddress = "10.10.15.65" Or ipAddress = "10.10.15.70" Or ipAddress = "127.0.0.1" _
            '   Or ipAddress = "10.10.15.66" Then

Open in new window

0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
LVL 34

Expert Comment

by:Big Monty
ID: 40191122
everything is commented out so it's not blocking anyone from this code snippet (the apostrophe at the beginning of each line means its commented out).

are you sure there's nowhere else that could be doing it?
0
 

Author Comment

by:Steve Lizardi
ID: 40191145
I found some more let me see if it works now.
0
 
LVL 54

Accepted Solution

by:
Scott Fell,  EE MVE earned 2000 total points
ID: 40191231
Regardless of how this is done.    This is a a better solution.  

Create a new file called authorize.asp and place it in the top level of your site.  
<%
authorized_ip = "no"

' ****** enter the list of ip's here separated by a space and any character and a space.  ********
allowed_list = "1.1.1.1 ; 1.2.3.4 ; 1.3.1.2; "

user_ip = Request.ServerVariables("remote_addr")
if instr(allowed_list,user_ip)>0 then
    authorized_ip = "yes"
end if
if authorized_ip = "no" then
   response.redirect("/index.asp")
end if
%>

Open in new window


Next in all of your pages towards the top add this code.  Do not add this to your index page (or it will loop and error)
<!-- #include virtual ="/authorize.asp" --> 

Open in new window


Now what will happen is on every page, if somebody is not in the correct ip, they will be redirected back.  The advantage of this method is if you want to later add an ip or remove it, you just update one file.

Even if you just add it to your main log in page, it keeps things nice and separated.
0
 

Author Comment

by:Steve Lizardi
ID: 40191379
I am testing now. So it will bypass whatever code that was included before?
0
 
LVL 34

Expert Comment

by:Big Monty
ID: 40191387
if you want to open everything up you'll need to remove the code that was restricting everything by IP.

Scott's post was a suggestion on how to restrict by IP and not necessarily what you seem to want to do.
0
 

Author Comment

by:Steve Lizardi
ID: 40191410
I don't mind that if anyone can access it, but I don't want to mess with the code. Since the guy isn't here and we haven't been able to use it for the last year. We need to use it now. Any help would be great.
0
 
LVL 34

Expert Comment

by:Big Monty
ID: 40191412
again, without seeing the code and how it works, it'll be difficult to tell you how to get it to work
0
 
LVL 54

Assisted Solution

by:Scott Fell, EE MVE
Scott Fell,  EE MVE earned 2000 total points
ID: 40191424
Yea, my code is to prevent people from coming to your site.    Originally, I posted what to look for.

BigMonty pointed out that your code is commented out.  So that what you showed is not preventing anybody.

It is possible you have multiple areas that are looking for the ip.    What you want to look for is something like Request.ServerVariables("remote_addr")

You will see the If  / Then statements.  It is important to follow the flow.  In the code you posted
 ' IF Statement accepts those IP address with permission
            ' ELSE rejects all the other IPs
            'If ipAddress = "10.10.15.65" Or ipAddress = "10.10.15.70" Or ipAddress = "127.0.0.1" _
            '   Or ipAddress = "10.10.15.66" Then

Open in new window

Make sure you also comment out the corresponding else/end if and just leave the good

If something = good then
    do this good thing
    else
    reject
end if

Open in new window

should be similar to below. I like to add something to remind my quickly what I did.
' **remove line ** If something = good then
    do this good thing  ' this line is not commented out
' **remove line **    else
' **remove line **    reject
' **remove line ** end if

Open in new window

Sorry for the confusion. But you probably want to post your entire page for Big Monty to look at.  I'm out for a while.
0
 

Author Comment

by:Steve Lizardi
ID: 40205335
I will post tomorrow. Thanks!
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After several hours of googling I could not gather any information on this topic. There are several ways of controlling the USB port connected to any storage device. The best example of that is by changing the registry value of "HKEY_LOCAL_MACHINE\S…
Introduction This article shows how to use the open source plupload control to upload multiple images. The images are resized on the client side before uploading and the upload is done in chunks. Background I had to provide a way for user…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question