Discussion:
BlockIP2 precedence
SUBSCRIBE MQSERIES PardhuNani
2013-08-10 18:09:07 UTC
Permalink
I ran some scenarios to test how BlockIP2 precedence works and this is the
lesson i learnt .Please review the below mentioned table as per your
experience and let me know incase of any changes required



Order Identity Mechanism(keyword) Notes
0 Userids Positive User Ids list
1 BlockUsers Negative user Ids list
2 Pattern Matching Pattern Matching from
incoming network connections
3 CON Connection Name
match
4 SSL Filtering based
on DN
5 BlockMqmUsers Block privileged users

To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Sid Young
2013-08-10 21:26:08 UTC
Permalink
I thought up the original ordering when I re-wrote a big chunk of BLockIP
years ago, and submitted it to the original author for inclusion, it seamed
logical at the time to deny everything and then let certain categories in
if the patterns matched. If I rewrote it now I would use XML config files
and add blocking for any new "blockable" functionality after that.

I also added a lot more extensive loging so you could watch the activity in
real time using tail. I'm glad it still used in a lot of sites. Is it still
being maintained?

Sid



On Sun, Aug 11, 2013 at 4:09 AM, SUBSCRIBE MQSERIES PardhuNani <
pardhunani143-***@public.gmane.org> wrote:

> I ran some scenarios to test how BlockIP2 precedence works and this is the
> lesson i learnt .Please review the below mentioned table as per your
> experience and let me know incase of any changes required
>
>
>
> Order Identity Mechanism(keyword) Notes
> 0 Userids Positive
> User Ids list
> 1 BlockUsers Negative
> user Ids list
> 2 Pattern Matching Pattern
> Matching from
> incoming network connections
> 3 CON
> Connection Name
> match
> 4 SSL
> Filtering based
> on DN
> 5 BlockMqmUsers Block
> privileged users
>
> To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
> in the message body (not the subject), write: SIGNOFF MQSERIES
> Instructions for managing your mailing list subscription are provided in
> the Listserv General Users Guide available at http://www.lsoft.com
> Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
>




<http://z900collector.multiply.com/>

To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
Pardhu Nani
2013-08-11 02:37:53 UTC
Permalink
Yes sid,BlockIP2 security exit is used for authentication at many shops
till date .


On Sat, Aug 10, 2013 at 5:26 PM, Sid Young <sid.young-***@public.gmane.org> wrote:

> I thought up the original ordering when I re-wrote a big chunk of BLockIP
> years ago, and submitted it to the original author for inclusion, it seamed
> logical at the time to deny everything and then let certain categories in
> if the patterns matched. If I rewrote it now I would use XML config files
> and add blocking for any new "blockable" functionality after that.
>
> I also added a lot more extensive loging so you could watch the activity
> in real time using tail. I'm glad it still used in a lot of sites. Is it
> still being maintained?
>
> Sid
>
>
>
> On Sun, Aug 11, 2013 at 4:09 AM, SUBSCRIBE MQSERIES PardhuNani <
> pardhunani143-***@public.gmane.org> wrote:
>
>> I ran some scenarios to test how BlockIP2 precedence works and this is the
>> lesson i learnt .Please review the below mentioned table as per your
>> experience and let me know incase of any changes required
>>
>>
>>
>> Order Identity Mechanism(keyword) Notes
>> 0 Userids Positive
>> User Ids list
>> 1 BlockUsers Negative
>> user Ids list
>> 2 Pattern Matching Pattern
>> Matching from
>> incoming network connections
>> 3 CON
>> Connection Name
>> match
>> 4 SSL
>> Filtering based
>> on DN
>> 5 BlockMqmUsers Block
>> privileged users
>>
>> To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
>> in the message body (not the subject), write: SIGNOFF MQSERIES
>> Instructions for managing your mailing list subscription are provided in
>> the Listserv General Users Guide available at http://www.lsoft.com
>> Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
>>
>
>
>
>
> <http://z900collector.multiply.com/>
> ------------------------------
> List Archive <http://listserv.meduniwien.ac.at/archives/mqser-l.html> - Manage
> Your List Settings<http://listserv.meduniwien.ac.at/cgi-bin/wa?SUBED1=mqser-l&A=1>-
> Unsubscribe<LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org?subject=Unsubscribe&BODY=signoff%20mqseries>
>
> Instructions for managing your mailing list subscription are provided in
> the Listserv General Users Guide available at http://www.lsoft.com<http://www.lsoft.com/resources/manuals.asp>
>

To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
SUBSCRIBE MQSERIES PardhuNani
2013-08-12 12:48:47 UTC
Permalink
Guys,

I would request someone can help me on this ...

To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Roger Lacroix
2013-08-13 02:55:59 UTC
Permalink
Hi,

> BlockIP2 security exit is used for authentication at many shops till date .

BlockIP2 does not perform authentication. It performs filtering on
IP address, SSL & UserID to block unwanted connections. Filtering is
not the same thing as authentication.

Regards,
Roger Lacroix
Capitalware Inc.

At 10:37 PM 8/10/13, Pardhu Nani wrote:
>Yes sid,BlockIP2 security exit is used for authentication at many
>shops till date .
>
>
>On Sat, Aug 10, 2013 at 5:26 PM, Sid Young
><<mailto:sid.young-***@public.gmane.org>sid.young-***@public.gmane.org> wrote:
>I thought up the original ordering when I re-wrote a big chunk of
>BLockIP years ago, and submitted it to the original author for
>inclusion, it seamed logical at the time to deny everything and then
>let certain categories in if the patterns matched. If I rewrote it
>now I would use XML config files and add blocking for any new
>"blockable" functionality after that.
>
>I also added a lot more extensive loging so you could watch the
>activity in real time using tail. I'm glad it still used in a lot of
>sites. Is it still being maintained?
>
>Sid
>
>
>
>On Sun, Aug 11, 2013 at 4:09 AM, SUBSCRIBE MQSERIES PardhuNani
><<mailto:pardhunani143-***@public.gmane.org>pardhunani143-***@public.gmane.org> wrote:
>I ran some scenarios to test how BlockIP2 precedence works and this is the
>lesson i learnt .Please review the below mentioned table as per your
>experience and let me know incase of any changes required
>
>
>
>Order Identity Mechanism(keyword) Notes
>0 Userids
>Positive User Ids list
>1 BlockUsers
>Negative user Ids list
>2 Pattern Matching Pattern
>Matching from
>incoming network connections
>3 CON
>Connection Name
>match
>4 SSL
> Filtering based
>on DN
>5 BlockMqmUsers
>Block privileged users
>
>To unsubscribe, write to
><mailto:LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org>LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org
>and,
>in the message body (not the subject), write: SIGNOFF MQSERIES
>Instructions for managing your mailing list subscription are provided in
>the Listserv General Users Guide available at
><http://www.lsoft.com>http://www.lsoft.com
>Archive:
><http://listserv.meduniwien.ac.at/archives/mqser-l.html>http://listserv.meduniwien.ac.at/archives/mqser-l.html
>
>
>
>
><http://z900collector.multiply.com/>
>
>
>----------
><http://listserv.meduniwien.ac.at/archives/mqser-l.html>List Archive
>-
><http://listserv.meduniwien.ac.at/cgi-bin/wa?SUBED1=mqser-l&A=1>Manage
>Your List Settings -
><mailto:LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org?subject=Unsubscribe&BODY=signoff%20mqseries>Unsubscribe
>
>
>Instructions for managing your mailing list subscription are
>provided in the Listserv General Users Guide available at
><http://www.lsoft.com/resources/manuals.asp>http://www.lsoft.com
>
>
>
>
>----------
><http://listserv.meduniwien.ac.at/archives/mqser-l.html>List Archive
>-
><http://listserv.meduniwien.ac.at/cgi-bin/wa?SUBED1=mqser-l&A=1>Manage
>Your List Settings -
><mailto:LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org?subject=Unsubscribe&BODY=signoff%20mqseries>Unsubscribe
>
>
>Instructions for managing your mailing list subscription are
>provided in the Listserv General Users Guide available at
><http://www.lsoft.com/resources/manuals.asp>http://www.lsoft.com

To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
Loading...