I'm trying to setup a SOCKS proxy on wingate, and I'd like to restrict the clients allowed to certain ip ranges, ideally expressed in CIDR notation.
Looking around, I don't see a easy way to do this - am I missing something?
My current approach:
I'm trying to setup a policy, that uses a JavaScript script to compare the IP Address of the client to a global data list, which would contain the list of address ranges in CIDR notation (192.168.1.0/24). I've got a script that should work (and works when testing outside Wingate), but when it tries to run I get "Error parsing script". This is just using a list hard-coded into the script, before I tried to get a global data list working (it wasn't clear if that would work the way I was expecting).
Here's my script:
- Code: Select all
//return true or false depending on whether you wish the
//'Yes' or 'No' path to be taken
function filter(User, Binding, Session, Event)
{
function IsIpInCidr(ip, cidr)
{
var cidrIp = cidr.split('/')[0];
var cidrSm = cidr.split('/')[1];
return (IPnumber(ip) & IPmask(cidrSm)) == (IPnumber(cidrIp) & IPmask(cidrSm));
}
function IPnumber(IPaddress) {
var ip = IPaddress.match(/^(\d+)\.(\d+)\.(\d+)\.(\d+)$/);
if(ip) {
return (+ip[1]<<24) + (+ip[2]<<16) + (+ip[3]<<8) + (+ip[4]);
}
return null;
}
function IPmask(maskSize) {
return -1<<(32-maskSize);
}
var i;
var list = ["192.168.1.0/24", "192.168.2.0/24"]
for (i in list) {
if (IsIpInCidr(Session.ClientIP, list[i])) {
return true
}
}
return false;
}
Anyone have any insights? A better way to do this, or a way to make my script work?
Thanks,
Drew