https://community.qlik.com/t5/Management-Governance/Security-rule-based-on-Virtual-proxy-used/m-p/1359070#M10249 <HTML><HEAD></HEAD><BODY><P>Can I set a security rule based on Virtual proxy the user used at login? We'd like to open logging to public internet, for example for mobile users etc. If we allow login from public internet it will come thru a specific virtual proxy. But we would like to give access to restricted content that way, so we'll put that to another stream. Rest of content (the more sensitive content) will be accessible by logging in thru another virtual proxy. Or is it so that once user gets in, he/she sees everything they see, no matter how they log in?</P></BODY></HTML> Mon, 07 Aug 2017 07:37:09 GMT 2017-08-07T07:37:09Z https://community.qlik.com/t5/Management-Governance/Security-rule-based-on-Virtual-proxy-used/m-p/1359070#M10249 <HTML><HEAD></HEAD><BODY><P>Can I set a security rule based on Virtual proxy the user used at login? We'd like to open logging to public internet, for example for mobile users etc. If we allow login from public internet it will come thru a specific virtual proxy. But we would like to give access to restricted content that way, so we'll put that to another stream. Rest of content (the more sensitive content) will be accessible by logging in thru another virtual proxy. Or is it so that once user gets in, he/she sees everything they see, no matter how they log in?</P></BODY></HTML> Mon, 07 Aug 2017 07:37:09 GMT https://community.qlik.com/t5/Management-Governance/Security-rule-based-on-Virtual-proxy-used/m-p/1359070#M10249 2017-08-07T07:37:09Z https://community.qlik.com/t5/Management-Governance/Security-rule-based-on-Virtual-proxy-used/m-p/1359071#M10250 <HTML><HEAD></HEAD><BODY><SPAN>One solution is to enable the extended environment (from proxy configuration). This allow you to track the client IP address (expect the outer request come through a different network class). You should write a security rule using it (user.environment.ip) to restrict the access to certain content for those coming from outside</SPAN><P class=""><BR /></P></BODY></HTML> Wed, 09 Aug 2017 19:21:05 GMT https://community.qlik.com/t5/Management-Governance/Security-rule-based-on-Virtual-proxy-used/m-p/1359071#M10250 Vincenzo_Esposito 2017-08-09T19:21:05Z https://community.qlik.com/t5/Management-Governance/Security-rule-based-on-Virtual-proxy-used/m-p/1359072#M10251 <HTML><HEAD></HEAD><BODY><P>Thanks Vincenzo! So to use the user.environment.ip in the security rule, I just need to assign some wildcard to evaluate if the traffic is from inside, right? I mean I won't know every single IP.</P></BODY></HTML> Thu, 10 Aug 2017 07:23:55 GMT https://community.qlik.com/t5/Management-Governance/Security-rule-based-on-Virtual-proxy-used/m-p/1359072#M10251 2017-08-10T07:23:55Z https://community.qlik.com/t5/Management-Governance/Security-rule-based-on-Virtual-proxy-used/m-p/1359073#M10252 <HTML><HEAD></HEAD><BODY><P class="">Yes you should use wild character (*) and like instead the equal sign.&nbsp;</P></BODY></HTML> Thu, 10 Aug 2017 11:54:34 GMT https://community.qlik.com/t5/Management-Governance/Security-rule-based-on-Virtual-proxy-used/m-p/1359073#M10252 Vincenzo_Esposito 2017-08-10T11:54:34Z https://community.qlik.com/t5/Management-Governance/Security-rule-based-on-Virtual-proxy-used/m-p/1359074#M10253 <HTML><HEAD></HEAD><BODY><P>Thanks <A href="https://community.qlik.com/people/ves">ves</A></P></BODY></HTML> Thu, 10 Aug 2017 11:56:49 GMT https://community.qlik.com/t5/Management-Governance/Security-rule-based-on-Virtual-proxy-used/m-p/1359074#M10253 2017-08-10T11:56:49Z