How to block an IP address from a network share

network-shares ip active-directory shared-folders blacklist

Solution 1

Im not sure if I completely understand the requirements of your question, however look at the following:

Both Windows Sharing and Windows File Security have option to Allow and Deny access to a files and/or folders based on user names and/or computer names and/or Active Directory security groups.

So you can set the share/file security to allow Everyone, yet deny a list of computers. This would be best accomplished in creating an AD security group with all the computers you want to deny. Creating an AD security group is easier, as you want to reuse this group elsewhere.

Important note: Deny always takes precedence over Allow

Solution 2

Windows Security Model restricts access per-user, not per-IP. Basically, you can configure firewall options for File and Printer Sharing service to only permit certain IP communications, but this will restrict all the shares on this computer for that IP only. I wouldn't recommend blocking via IP since it could be spoof'd anyways. Here's a nifty link on Windows File Sharing;

http://windows.microsoft.com/en-us/windows-vista/share-files-and-folders-over-the-network-from-windows-vista-inside-out

"NTFS permissions apply to folders and files on an NTFS-formatted drive. They provide extremely granular control over an object."

gclark18

Updated on September 18, 2022

Comments

gclark18 over 1 year
Controller:
```
public function search(Request $request)
{
    $stores = Store::with('router', 'tills', 'backOffices','contacts', 'storeStatus', 'storeStatus', 'storeType', 'scos', 'fuelBrand')->where('store_name', 'like', '%' . $request['find'] . '%')->paginate(13);
    return view('store.index')->with([
        'stores' => $stores,
        'find' => $request['find'],
    ]);
}
```
View
```
<div class="flex-1 mx-10">
    <form action="/store/search" method="POST" name="search" role="search">
        @csrf
        <input id="index-view-search" name="find" type="text" placeholder="Search"
               class="border rounded w-full p-1"
        >
    </form>
</div>
<div class="mx-3">
    @if ( Route::is('store.index') )
        {{ $stores->links()  }}
    @else
        {!! $stores->appends(['find' => $find])->links() !!}
    @endif
</div>
```
Route
```
Route::any('/store/search', "StoreController@search")->name('stores.search');
```
Can anyone tell me why I get a 404 when I click the pagination links for this code?

The route accepts post or get, I pass back the search term and the page number... /store/search?find=evans&page=2 is what the pagination instance is requesting, I cannot see what is wrong
- user1984103 over 10 years
  
  Have you tried blocking the IP with Windows Firewall?
- Kryptos over 10 years
  
  I disable Windows firewall because it causes connectivity issues with different areas. It's a large building with several switches etc. It seems to work best when I have the firewall disabled, but could it just be my own superstition?
- user1984103 over 10 years
  
  It will block connections coming into your computer unless you open up specific ports, but it's not a haphazard thing... either it blocks them or it doesn't. You can review the logs to see if the Firewall is actually blocking things when it shouldn't be, and create additional rules when appropriate.
- Saud Qureshi almost 4 years
  
  why don't you search from "/store" itself? just a suggestion :)
- gclark18 almost 4 years
  
  @SaudQureshi /search GET is store.index and /search POST is store.store as per the resource controller otherwise I would have prefer that too
Kryptos over 10 years

I think this could work.. do I have to install Active Directory? I can't seem to find it on my PC by default. If so, where?
Keltari over 10 years

Oh you arent in an AD environment? Do you have a Windows administrator in your environment? If so, talk to him. Otherwise its still ok, you can still do the same thing, it will just be more time consuming as you will need to manually add all the machines to deny.
Kryptos over 10 years

I don't have permission from the IT gods to use AD. It's basically my PC to everyone else with out any help, influence, etc from IT.
Keltari over 10 years

So there is an AD environment? This is something they can set up easily and quickly. This is what they do. Ask them to set it up.
Kryptos over 10 years

There is but I 100% for sure will not be given access.. I think I can create a group on my local machine though. I tried that and was able to add a test computer to it. (mmc.exe) I supposedly blocked the group, but the computer still has access
Keltari over 10 years

Seriously, just talk to them. If there is a business requirement for this sharing, then they should be the ones setting this up to meet your needs. Administrators dont bite... much. Offering food helps too.
Kryptos over 10 years

I know... The IT dept is 1 full time and 1 part time. I can only talk to the full time guy and he will not do it. I have to do it on my own.
sta almost 4 years

Yes, you need to pass query on every pages