Web Hosting - Firewall Options

Those who wish to restrict web site access to specific UW Madison IP ranges (or custom rules) can utilize the Platform Firewall Utility (PaloAlto).  The Web Hosting service will coordinate this process for you.

Firewall Rule Set Options

These rules are applicable to the IP of the site and cannot be used to protect subdirectories with different sets of rules than the rest of the site.

  • DoIT Data Center
  • Static WiscVPN + DoIT Staff networks
  • Management Address Groups (Data Center, DoIT Staff, Static VPN)
  • UW-Madison
  • UW System
  • World
  • Or Custom rules

 For assistance, please email webhosting@doit.wisc.edu with the details of your firewall rules request.

Subdirectory Protection

If you require sub-directory protection (e.g. mysite.wisc.edu/subfolder/), there are manual ways to implement firewall rules on an individual path(s).  Depending on the platform and nature of the application, you can accomplish sub-directory protection with a variety of methods (Apache rules in vhost.conf or .htaccess, Win/IIS web.config, etc.).

Please be aware: Keeping up with the ever-changing rules that make up Campus IP space can be difficult and time-consuming. One way of overcoming this sub-directory dilemma for campus rule sets is to break out the sub-directory into its own domain and redirect to it. For Example: Making the following change...

mysite.wisc.edu/adminadmin.mysite.wisc.edu
...would allow the new domain to make use of the platform firewall.




Keywords:firewall, platform, IP, campus, system, datacenter, vpn, rules, access, palo alto, host   Doc ID:31705
Owner:Jake S.Group:DoIT Web Hosting
Created:2013-07-19 11:14 CDTUpdated:2023-03-01 10:40 CDT
Sites:DoIT Web Hosting
Feedback:  0   0