I am wondering if is possible to restrict form access based on user's IP address, because we have the need to limit certain forms (not all the forms) to be accessible only within our organization's firewall. How to accomplish this? Any feedback is appreciated.
(Not only require users to logon to the domain, which we already did it).
If you are requiring users to log in to the domain, you can collect their Gateway -HTTP User information and restrict access based on this information. See our help guide under special - Gateway - HTTP User: http://www.perfectforms.com/Documentation/manual/html/?special_fields__properties.htm.
When the form opens, set a field with the HTTP User name and then filter accordingly.
Thank you, Dennis! We have previously incorporated Gateway-HTTP User to ensure the form is accessible only from valid users on our Active Directory. This however does not ensure users of this form is currently located within our organization's firewall, since user can log on from inside or outside of the firewall, because no IP address of the user session is collected or compared. Or, have I missed anything?
We have forms that need to be accessible from anywhere without restriction, but some forms needs to be restricted based on IP. I am wondering if there is a way to use client IP as parameter for processing or authentication purposes?
Here is an idea: The Connection Agent can be configured to allow or restrict specific IP addresses. If you know all of the IP's you want to restrict, you can do it in the configuration of the Connection Agent. When the form opens use a connection behavior. If no value is returned, close the form.
Thank you, Dennis for this suggestion. I however still have a question regarding this, I would assume the Access Restriction rule change from the config.xml will impact ALL the forms; or if there is a way to restrict access based on the individual database connection, for example, certain database access has to be from within the firewall, but others are no IP restriction. etc. Thanks!
You have two choices:
1) Only use the connection in the forms that need to be restricted.
Or if you want someone at that IP to be able to use some connections, but not all: 2) Create a second installation of the Connection Agent. In your dashboard you can create connections/Actions to more than one installation of a Connection Agent. This second Connection Agent can restrict the IP's and be used in your restricted forms.
