locked
Access-Control-Allow-Origin value ip address RRS feed

  • Question

  • User1487175000 posted

    Hi,

    I have a web service which handle some specific request. Problem is request is generated from other domain. So that i have to add the following web configuration in my web.config.

      <system.webServer>
        <modules runAllManagedModulesForAllRequests="true" />
          <httpProtocol>
            <customHeaders>
              <add name="Access-Control-Allow-Origin" value="*" />
    	        <add name="Access-Control-Allow-Headers" value="Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With"/>
            </customHeaders>
          </httpProtocol>
      </system.webServer>

    This configuration means i accept request from any domain. 

    Scenario:

    We have a local server in office which generate the request. So i have to set value to ip address not the full domain name. 

    Question: I have not seen any example where value set to ip address every where its set to some domain name. Is it possible i can set to ip address  or not. So i can only handle the request which is generated from my local server.

    /Shahid

    Thursday, November 3, 2016 9:29 AM

All replies

  • User283571144 posted

    Hi Shahid Majeed,

    Question: I have not seen any example where value set to ip address every where its set to some domain name. Is it possible i can set to ip address  or not. So i can only handle the request which is generated from my local server.

    According to your description, I suggest you could use IP address restrictions.

    You could restrict access to your site by creating a deny rule for all IP addresses, a specific IP address, a range of IP addresses, or a specific domain.

    For example, if you have a site on an intranet server that is connected to the Internet, you can prevent Internet users from accessing your intranet site by allowing access only to members of your intranet, and explicitly denying access to outside users.

    More details, you could refer to follow codes and link:

    <?xml version="1.0"?>
    <configuration>
       <system.web>
         .. existing text ..
         .. existing text ..
       </system.web>
       <system.webServer>
          <security>
            <ipSecurity allowUnlisted="true">    <!-- this line blocks everybody, except those listed below -->                
               <clear/> <!-- removes all upstream restrictions -->
               <add ipAddress="83.116.19.53"/>   <!-- block one IP  -->                
               <add ipAddress="83.116.119.0" subnetMask="255.255.255.0"/>   <!--block network 83.116.119.0 to 83.116.119.255-->               
            </ipSecurity>
          </security>
          <modules runAllManagedModulesForAllRequests="true"/>
       </system.webServer>
    </configuration>

    More details, you could refer to follow link:

    http://www.stokia.com/support/misc/web-config-ip-address-restriction.aspx

    Or you could set it in IIS:

    1.Open IIS

    2.Open IP Address and Domain Restrictions:

    Best Regards,

    Brando

    Friday, November 4, 2016 3:21 AM