The CreatorCon Call for Content is officially open! Get started here.

Question on scripting to determine valid ip address range

mon4
Giga Contributor

‎11-05-2014 05:24 PM

We have a vast range of ip addresses that we need to verify against for valid requests.

The idea is to filter out any incoming email that does not contain a valid ip address in the body.

 

In the Filters module of System Mailboxes, we can set values to filter for so we can set conditions like 'body contains <ip address', but that would mean that we need to manually input all the ip addresses.   Since we have over a million of them, this is not an option.   We need to be able to script it.

 

Does anyone know how to script to verify a valid IP range based on the CIDR notation and subnet mask?

A sample script would be much appreciated.   Thank you very much.

0 Helpfuls
  • 3,165 Views
8 REPLIES 8

akt_snow
Giga Expert

‎11-05-2014 05:36 PM

If you want to stop access from any ip address except the one's allowed, then I would suggest using ip access control. But if you want to allow all ip addresses, but validate the request by looking at the ip address in the body/subject, then it will have to be customized.


You will have to create a table almost like Ip access control and create the script that would verify / find the presence of the incoming request ip.


Hope this helps.


0 Helpfuls

mon4
Giga Contributor
In response to akt_snow

‎11-05-2014 05:43 PM

Thanks for your reply, Avneet.   Unfortunately, I will need to allow all ip addresses, but validate the request by looking at the ip address in the body/subject, hence it will be customized.   I will be working on creating one, but was wondering if someone already has a sample script that I can customize.   Thanks, again.


0 Helpfuls

Michael Ritchie
ServiceNow Employee
ServiceNow Employee
In response to mon4

‎11-05-2014 06:42 PM

Something like this should help:


var ipAddress = IP from email



var ipAdressV4 = new SncIPAddressV4(ipAddress);



var startIP = new SncIPAddressV4(IP Address Start);



var endIP = new SncIPAddressV4e(IP Address End);



var range = new SncIPRangeV4(startIP, endIP);



if (range.contains(ipAdressV4)) 



//allow access



else



//deny access



}

mon4
Giga Contributor
In response to Michael Ritchie

‎12-17-2014 04:22 PM

Thanks for your reply, Michael.   For some reason, I didn't see the notification of this reply and only saw this now.   Sorry for the late reply.   I ended up making my own script for computing the range, but I will try this too and compare with the result of of what I did.



Many thanks,


Monette


0 Helpfuls