From user-return-3710-archive-asf-public=cust-asf.ponee.io@guacamole.apache.org Tue Apr 10 14:31:32 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id E9B5918064C for ; Tue, 10 Apr 2018 14:31:31 +0200 (CEST) Received: (qmail 55426 invoked by uid 500); 10 Apr 2018 12:31:31 -0000 Mailing-List: contact user-help@guacamole.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@guacamole.apache.org Delivered-To: mailing list user@guacamole.apache.org Received: (qmail 55417 invoked by uid 99); 10 Apr 2018 12:31:30 -0000 Received: from mail-relay.apache.org (HELO mailrelay1-lw-us.apache.org) (207.244.88.152) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 Apr 2018 12:31:30 +0000 Received: from mail-lf0-f52.google.com (mail-lf0-f52.google.com [209.85.215.52]) by mailrelay1-lw-us.apache.org (ASF Mail Server at mailrelay1-lw-us.apache.org) with ESMTPSA id D2A912AF1 for ; Tue, 10 Apr 2018 12:31:29 +0000 (UTC) Received: by mail-lf0-f52.google.com with SMTP id q5-v6so11400391lff.12 for ; Tue, 10 Apr 2018 05:31:29 -0700 (PDT) X-Gm-Message-State: ALQs6tDgwDzO9cZhM0yVP9CXwQm1HOr81PAuvSmXR8589oI7V3XWlqaT TF1XtnDPUzBly+o/uqeXo9yZ2SzbhePMf0pPQ/A= X-Google-Smtp-Source: AIpwx4/L/DF7zuZH8hBwBF0Jprx2WKsRXWPeq8SWa6bJRlopJfuYl8Hf8sIrCZ9XNQkzfa7VMr8TUDhk4kDp6Xwd0/8= X-Received: by 10.46.134.25 with SMTP id a25mr126683lji.87.1523363488256; Tue, 10 Apr 2018 05:31:28 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a19:547:0:0:0:0:0 with HTTP; Tue, 10 Apr 2018 05:31:27 -0700 (PDT) In-Reply-To: References: From: Nick Couchman Date: Tue, 10 Apr 2018 08:31:27 -0400 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Select User Connection Restricted by Source IP To: user@guacamole.apache.org Content-Type: multipart/alternative; boundary="f4f5e80ed90494d89405697db394" --f4f5e80ed90494d89405697db394 Content-Type: text/plain; charset="UTF-8" On Mon, Apr 9, 2018 at 11:15 AM, Steven Galante < steven.galante@stonybrook.edu> wrote: > I understand this is counter intuitive to Guacamole's purpose. Though, I > have use case were we would like to be able to restrict select connections > for users by source IP. Has anyone come across this? and if so, how did you > come over it? > > I wouldn't even say this is counter-intuitive to Guacamole's purpose. It may not be the mainstream of what everyone wants, but it sounds perfectly reasonable to me. I don't think it has been implemented by anyone, yet, but should be very doable - it will require writing a custom Authentication Extension for Guacamole that looks at the source IP and determines what connections would be available to someone coming from that IP. With the recent additions of "decoration" to the modules, I would think this would be very doable. -Nick --f4f5e80ed90494d89405697db394 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On M= on, Apr 9, 2018 at 11:15 AM, Steven Galante <steven.galante@= stonybrook.edu> wrote:
I understand this is counter intuitive to Guacamole's purp= ose. Though, I have use case were we would like to be able to restrict sele= ct connections for users by source IP. Has anyone come across this? and if = so, how did you come over it?


I wouldn't even say this is counter-intuitive to Guacamole'= s purpose.=C2=A0 It may not be the mainstream of what everyone wants, but i= t sounds perfectly reasonable to me.

I don't t= hink it has been implemented by anyone, yet, but should be very doable - it= will require writing a custom Authentication Extension for Guacamole that = looks at the source IP and determines what connections would be available t= o someone coming from that IP.=C2=A0 With the recent additions of "dec= oration" to the modules, I would think this would be very doable.

-Nick=C2=A0

--f4f5e80ed90494d89405697db394--