How can I make a task module app accessible only within Teams? - microsoft-teams

I have a web app that is accessed within a bot on Teams as a task module. I would like this app to only be accessible within a task module and restrict access for anyone else. So far I've added firewall rules to whitelist the IP address range that Teams uses - however I was able to confirm that for task modules Teams does not use their IP range but rather the user's IP. Is it possible to restrict access to only task modules? Thanks

Related

Restrict public web application access to specific dynamic source IP addresses

I'm developing a web application using Laravel hosting on a public cloud. Now, the application can be accessed publicly on the internet via domain address. However, I want to restrict to only users who are connecting to the organization networks to be able to use the application since we do not want the application to be used at home or elsewhere.
At the moment, the organization has 2 places (2 public internet networks) where they must be able to access to the application. Both of them are using home-standard internet where IP address changes every time the internet reconnects. As we do not have static IP addresses, I cannot filter user by using IP address filter. The IP filter rule must be changed every time when the organization network reconnected.
My application already have solid authentication and authorization mechanism and, of course, the users must know this information since they must access the app for work. However, this doesn't meet the requirement.
I have thought about the VPN but it (probably) doesn't not work because if we allow user the access to the VPN, they still be able to access the VPN anywhere and use the application outside the work places. If we restrict the VPN client to access from specific IP address, then when the IP changes, the same problem occurs.
To sum up, I would like to ask for the advice on how to restrict the access of web application, hosted on public internet, to the users that are connecting from the public IP address that can change every time when the internet reconnected. The requirement may sound strange but it is as it is. Please feel free to ask for more details if you want to and have a discussions on the suggestions.
Thank you in advance.
You could setup a client for a dynamic dns service (e.g. dyndns) on the client-side.
Then you could use that on the server-side to always check against current IP using that dns.
As alternative you could bind the website to localhost only and only let it be accessed via an pubkey-enforced SSH tunnel (and make that get auto-established by a script/scheduler on the client side, on a permission level outside of the users' reach, so that they can't take the private key needed for the connection anywhere)
You can use different PHP methods and variables to detect from where the request has been originated. Just whitelist your domains and organizations, and allow only them by adding a middleware.
Additionally, you can generate a token using Laravel Passport or you can create your own mechanism, and then use that token to authenticate if the request is valid or not.
Since the IP changes, you can setup a dynamic dns or as suggested on the comment above.

Automatically assign Elastic IP from a pool of IPs to auto scalling instance

I am trying my hand at autoscalling and all is well except that I need all of my instances to be assigned an elastic ip (this is for my payment gateway which needs to know all IPs that we are using.)
Im happy to add say 8 elastic ips to my account but what I need is a facility to auto assign one of these to the instance as it boots up and then release it as it switches off.
I guess I need a startup script but this is beyond my knowledge of AWS (so far I do everything through the web console).
Any samples/help appreciated!
If your gateway is deployed in the same Amazon account as your servers, you might want to look at a VPC solution where you can control the instances' private IPs using masks.
If that is not an option, you will need to write a script, which you should add to the Launch Configuration's User Data.
In this script you can use AWS CLI to find which IP Addresses are available using describe-addresses, and use one of them to associate to your newly created instance using associate-address.

How to access an Orchard multi-tenant site externally on the same network

I've got multi tenancy set up on my Windows 7 machine using Orchard 7.1 and IIS 6.1 which I can access locally no problem.
They relevant sites are all added within the bindings of the applicationhost.config file, as well as the computers' host file and therefore show up as they should by accessing the url.
I have previously had a single tenant set up on my machine that meant I could access on my network, which was done by adding the site to IIS then binding to localhost/my ip address etc.
However the issue I am having is how to access these sites via a mobile device/another computer (on the same network) now that I have set it up for multiple tenants.
Any help appreciated
Liam
You'd need some sort of naming service inside your network, something like Bonjour.
Short of that, I guess you'd have to configure those other machines one by one so their hosts files point to the server.
One final possible possibility may be to simply use DNS. There is no reason why you couldn't use a domain that you control to map several names to local addresses such as that of your server.

Google API : live server firewall ip address ranges

We are calling Google api via https://www.googleapis.com for social login on our website. Everything works fine upto staging , however on Live server due to firewall restriction api calls are throwing socket exception.
What is the best way to configure our live server to allow connectivity to Google.
Is there a list of ip addresses . How can I make sure it's all up to date.
Note: You must be using Google Maps for Work (paid) in order to host maps on a website that is behind a firewall. Otherwise you are in breach of the terms of service.
As for configuring your firewall, Google will provide you with all of the settings that are needed. You don't need to make constant changes to keep it working.
The primary source of information for configuring your firewall is found here: https://developers.google.com/maps/documentation/business/articles/prelaunch_checklist#firewall
Configure Firewall to Allow Access to the Google Maps API Services
Why it's important: The Maps API services use a variety of domains, some which do not belong to the *google.com domain. If you are behind a restrictive firewall, it is important you understand which Maps API services use which domains.
Failure to allow access to the correct domains will cause API requests to fail, which can break your applications. For a complete listing of domains used by the Maps APIs, please consult our portal resource (login required):
Log in to the Google Enterprise Support Portal
The support portal is only available to Google Maps API for Work users.
Navigate to the "Resources" tab
Select the Resource called "List of domains used by the Google Maps API Family."
You should allow your applications to access these domains.
Please note that we do not recommend managing firewall restrictions by IP address, as the IPs associated with these domains are not static.

How do i allow my users to use custom domains on AppHarbor?

Free users will get a url like user1.myapp.com
The paid ones will be able to point their domains to my app. And my app will serve specific content based on the domain name.
Is this possible with AppHarbor? Is yes how?
Yes, it is possible to use custom hostnames on AppHarbor.
If you go to the list of your applications on AppHarbor and click the application, you can click "Hostnames" in the navigation shown left. When you add a hostname there will be instructions on how you need to configure the DNS.
The DNS can be configured in two ways:
You can use an A record which will point the domain to the IP address. This is required for root domains (example.com).
You can use a CNAME record which will reference the existing A record AppHarbor maintains, which is better in most cases as you'll not need to maintain DNS yourself.
There is currently no way to add hostnames via the API, although you can easily wrap something up that will issue HTTP requests similar to those of the website.

Resources