Greetings all,
I would very much like to determine the IP# of a domain from client script.
It's for use in a testing application to determine whether or not a certain domain is set to a QA address as opposed to the address live on the . The testing machine will have it's host file set to resolve a domain to the QA address.
Pinging from the server won't help since the server is getting the public DNS address.
Is this possible in JavaScript? Maybe a Flash could do the trick?
Have a look at Smart IP Api. Seems to do everything you're looking for and has some simple tutorials.
Related
I've looked at the existing questions/responses in StackOverFlow and there were no working answers so I'm posting this question. Our website is an C# MVC site that uses Javascript for validation etc.
The scenario is this:
We want to display a message in our external website to users (employees) who are actually accessing it from within our office network. The message would remain hidden for users who are outside our network (general public).
Please note that an internal office user is going out to the internet and hitting our external website so they would have a public IP address (not their local network IP) and I can't rely on that public IP address remaining consistent so I can't use the IP as the determining factor.
I would think that this would require a client-side solution but I've looked into JS possible solutions and none have worked.
Can anyone think of a way to determine if the user visiting out external website is an employee or part of the general public?
I don't have enough reputation to comment, however putting anything inside a JS file would still be visible if someone was to inspect it in their browser since it's essentially downloaded when the client browses the site. Just ensure nothing sensitive is added to the message such as a link to an employee only portal, as you'll expose the URL for potential attacks.
You could set up a 'beacon' on a machine in your local network. It would connect to your web server every 5 seconds, and inform your web server of the dynamic IP address that your office network is currently being assigned by your ISP to access the external internet.
Now, your web server knows which IP address to display the special message to.
Note that you will need to check that your office internet service provider is not using Carrier-Grade NAT. This will cause an issue, because a member of the public might be assigned an originating IP address that is the same as one used by people on your office network.
Another approach would be to set up a proxy server inside your local network, which would inject a special header into outgoing requests to your public web server if it sees that the request originates internally. You would configure your office router to force all web traffic through this proxy. The proxy would need to have a valid HTTPS certificate for the web server's domain name, so that is able to alter HTTPS traffic.
Thanks everyone for your suggestions. I ended up going a slightly different route which I has seen suggested in another post on another website I believe...I just didn't know if it would work but it does seem to work.
I put a reference to a .JS file that sits on one of our internal network servers . That JS changes the display value for the message I want do display which is initially hidden. So for the general public the message remains hidden, but for anyone on our network it will unhide the message.
I searched for a few options on my issue but couldn't find any useful information unfortunately.
Here is my issue:
Suppose I have 1x computer that runs a rest service on a specific port lets say 5555, running in a private network.
Now I have a frontend/browser application (javascript) that could be opened with a mobile phone or computer. When a device is connected to the same network (suppose wireless) and opens the frontend application it should discover in any way the rest service of the other computer, but I can't find a solution to that challenge.
So I can't find the sevices' ipv4 in the network since the webRTC workaround got smashed. I would have to traverse all possible private ip ranges to find that running service, which seems like an overkill.
Anyone got any idea how to solve this challenge?
Most web apps actually use the port-scan approach, which you are trying to avoid. I could think of some other approaches:
Have the service also publish an mDNS service under a specific name, e.g. foo.local. Your web app can simply have a static configuration using that hostname. This will, hovewer, require you to be able to control the service and your network/host need to be capable of using mDNS.
Require the admin of the service to register the local IP adress in a public DNS server. This will require manual config of the URL in the web app, but you can at least avoid dealing with discovering the address.
What you are talking about is sort of network scan, which is a security issue if you can do it, though it is usually possible in home networks. I would add a DNS server for that local network and use a local domain name to access the service. I don't know any other standard way to propagate where the service is.
I have an app running on a server where I access using the servers ip. But now I need to have a subdomain configured in order to make an external API work but I have no clue of how achieve it.
Now I access to my server using IP -> XX.XXX.XXX.XXX:3000
And I need to change it for something like -> myapp.companyname.com
You don’t, because the Internet doesn’t work that way.
You create the subdomain by configuring the DNS server for the domain to point that subdomain at the IP address.
If you want to change the port number (from the default of 80 to 3000) without putting it in the URL itself, then you need to change the Node.js program or put a proxy server in front of it.
This is indeed a notorious problem with distributed web development. Presumably your API requires you to register your own hostname in some sort of allow-list, and then checks incoming requests for matches to that allow-list. (Why? Cybercreeps.)
You need to find out the IP address of your development machine (not 127.0.0.1, that's the loopback IP and every machine has it). It's OK if your development machine's address is on a private network, like '192.168.0.20for example. Give the commandifconfigand look for the address (it'sipconfig` on Windows).
You then need to put that IP address into a DNS server.
Here's a free way to do that.
Create a FreeDNS account by visiting https://freedns.afraid.org/
Click on Subdomains.
Click the Add link.
Create a subdomain hostname under one of FreeDNS's public domains. Maybe javier.ortega.mooo.com is a good choice
Put your machine's IP address into it.
Then, use https://javier.ortega.mooo.com:3000 to hit your development machine's nodejs app.
You can pay FreeDNS to register your own domain name and use that if you prefer.
The solution I needed was modifying the file hosts from -> system32/divers/etc/hosts and adding there the configuration relative to the ip - domain relation I was lookin for.
Please excuse any ignorance on my part, I am very new to SSL and Javascript, so what I am asking may be obvious. I have tried to Google but can't seem to find the answer to my question.
Background
Basically, I have a website, with a subdomain that holds a rental car booking engine in an iframe, which is called from an external location using Javascript. We recently moved to SSL and now the booking engine does not display as it is deemed unsecure by web browsers.
I contacted the company that manages the booking engine and they advised that I needed an SSL for the subdomain, which they can load at their end as well (I bought a single domain, not a wildcard, my mistake), and I needed to purchase a static IP on their server. They sent me a quote for €130 per year for and a static IP.
My very limited knowledge of SSL seems to suggest that a static IP is not required, however I am probably wrong about this.
Question
Do I need the static IP for the SSL to work, or will the wildcard SSL resolve the issue?
I understand that the SSL for the subdomain is required, I just can't find an answer for the static IP.
Basically, I don't fully trust the company as they have tried to add unnecessary charges to invoices in the past.
Thanks in advance
Yes, you have to add SSL certificate to your subdomain to make browsers detect its safe, since the calls will be made to a non SSL domain from a SSL certified domain. I would suggest you to take a look at Lets Encrypt which provides free ssl and you can add as much sub domains as you want. I am using it for one of my projects and have added more than 5 ssl certifactes for subdomains.
I'm running a web app where users can request a map with their position through gps. In order to do that browsers like Chrome and Safari require an HTTPS protocol, not just http, otherwise call to JS function "getCurrentPosition" will fail. (but on Firefox, for example, it's working)
First question: are there any other possibilities to get user location (through gps, not just by ip)?
If not, the only way (I think) is to switch to https.
Now, app is running on a cheap shared hosting (and I can't do anything about that right now), the only thing that I can do is purchase an SSL certificate in order to enable https protocol.
Second question: hosting offers both ssl certificate with dedicated ip and without dedicated ip. Which is the difference? Well, I know what's a dedicated ip, but for my needs (website + this small app) which advantage could I have from a dedicated ip?
Third question: if I choose a certificate from another CA then I need root access to server in order to install it, is it right?
Last one: some hostings offer SSL with identity verification and without it, how theese last work? I mean, https should't guarrantee encrypted connections with a verified website?
If you have any links please post them, most of resources that I found are too old and they don't talk about acquiring gps data with JS.
Thanks a lot!
EDIT: just for completion: this page is about this deprecated js call for non-secure site. Are there other possibilites to get same result?
First question: are there any other possibilities to get user location
(through gps, not just by ip)?
You can track users’ real time location by using Google Maps APIs, I hope below links will help you.
Using Google Map Tracks API
https://developers.google.com/maps/
Second question: hosting offers both ssl certificate with dedicated ip
and without dedicated ip. Which is the difference? Well, I know what's
a dedicated ip, but for my needs (website + this small app) which
advantage could I have from a dedicated ip?
In the past, SSL requires dedicated IP to secure web applications. But in the mean time, SSL doesn’t require dedicated IP due to SNI technology. If your website hosted on shared IP address, then SNI permits a server to implement multiple certificates on a single IP address.
There are plenty of advantages using a dedicated IP instead of shared IP - read this article
Third question: if I choose a certificate from another CA then I need
root access to server in order to install it, is it right?
Whether you continue with current provider or new one, you don’t need root access of server in order install an SSL certificate.
Last one: some hostings offer SSL with identity verification and
without it, how theese last work? I mean, https should't guarrantee
encrypted connections with a verified website?
All SSL certificates are come with industry standard 256 bit encryption and ensures about encrypted connections. There is varying upon their validation process as below.
Domain Validation Certificates - CA will follow automated validation process and confirm only your control over the domain. You will get this certificate in just minutes.
Business Validation Certificates - CA will check your business existence by verifying official documentations. CA will take 2 to 3 business days to issue your certificate.
Extended Validation Certificates - CA will follow strict validation process and validate legal, physical and operational identity of business. EV SSL will enable most visible sign “the company name in the green address bar”, it will increase trust of your website visitors.
I hope this will helpful for you!