IP based authentication
Overview
Almost all the proxy applications restrict access based on the IP address. Most of the organizations network administrator would always prefer to block access to a specific address or range of addresses that he/she suspect belong to malicious individuals.
You can block access to a specific IP address or range of IP addresses to secured web access. SafeSquid SWG allows you to control single IP address or range of IP address using Access Restrictions section which is under Application Setup side menu.
SafeSquid SWG won't let your current IP address get locked out, hence SafeSquid warns you and refuses your policy insert. If you're inside of a corporate intranet, be very careful about setting up your IP policies. The IP address you see on your own computer (like 192.168.0.10) generally bears no relationship to the IP address you'll actually appear as out on the internet. Your company likely proxies and/or NATs your address into a predictable set of outbound addresses which you'll likely need to ask your network team about.
A user whose access is restricted based on an access policy should get block template on browser.
Prerequisites
To check the scenario, make sure that your IP address is not already added inside the Access restrictions section.
Access the SafeSquid User interface
Go to Access restrictions
Go to configure page from SafeSquid WebGUI and open Access Restrictions section which is under Application Setup side menu.
Go to Allow list
To create new policy, go to Allow list subsection.
Create New Policy
Click on Add New icon situated on bottom left corner to create new policy.
Enter your IP address inside IP Address field. You can also specify comma separated lP address or range of IPs.
You need to specify unique User-Group name inside Add to User-Groups field. Here we have specified IP BASED AUTHENTICATION in Add to User-Groups field.
Testing
To test the scenario, try to access any website from your mentioned IP address (here 192.168.0.10). You will get authentication prompt. You have to specify Username and Password of your Linux machine.
Further in your policy if you mention Username and Password in the field, then only this user will be allowed to access the web.
Related Articles
Create User Groups based on network IP and LDAP (Active directory)
Overview SafeSquid's Access Restriction section provides you an option to divide your users into specific user groups and use that user groups to define different set of Access Rules to that specific user groups. You want to define an access ...Define User Groups that include or exclude users based on their Network IP
Overview Creating User Groups based on their network IP Prerequisites Note: Avoid Locking Yourself to SafeSquid Interface When You Are Configuring Policies in Access Restrictions Access The SafeSquid User Interface Go to Configure Page Go to ...Define User Groups That Correspond To Role-based Groups In LDAP
Overview Creating User Groups based on LDAP users or Groups and enabling SSO authentication for that user. Prerequisites Integrate LDAP server with SafeSquid. If not see our document - Integrate Active Directory for SSO Authentication Note: Avoid ...Kerberos SSO Authentication Setup
The main aim/objective of this particular authentication is that the user doesn’t have to enter its credentials the software will automatically detect from which user group does the user belong and will set the restrictions accordingly. Overview ...Validate IP addresses and the systems are reachable on the network
Getting Started - The Preparatory Steps To keep the discussion easy to understand and replicate, we will use an example, and set out the process in ordered sequence of steps. We will also include steps for validating to ensure if any of the steps may ...