Web Hosting - Firewall Options

Those who wish to restrict web site access to specific UW Madison IP ranges (or custom rules) can utilize the Platform Firewall Utility (PaloAlto). The Web Hosting service will coordinate this process for you.

Firewall Rule Set Options

These rules are applicable to the IP of the site and cannot be used to protect subdirectories with different sets of rules than the rest of the site.

DoIT Data Center
Static WiscVPN + DoIT Staff networks
Management Address Groups (Data Center, DoIT Staff, Static VPN)
UW-Madison
UW System
World
Or Custom rules

For assistance, please email webhosting@doit.wisc.edu with the details of your firewall rules request.

Subdirectory Protection

If you require sub-directory protection (e.g. mysite.wisc.edu/subfolder/), there are manual ways to implement firewall rules on an individual path(s). Depending on the platform and nature of the application, you can accomplish sub-directory protection with a variety of methods (Apache rules in vhost.conf or .htaccess, Win/IIS web.config, etc.).

Please be aware: Keeping up with the ever-changing rules that make up Campus IP space can be difficult and time-consuming. One way of overcoming this sub-directory dilemma for campus rule sets is to break out the sub-directory into its own domain and redirect to it. For Example: Making the following change...

mysite.wisc.edu/admin ⟶ admin.mysite.wisc.edu

...would allow the new domain to make use of the platform firewall.

Keywords:	firewall, platform, IP, campus, system, datacenter, vpn, rules, access, palo alto, host Suggest keywords	Doc ID:	31705
Owner:	Jake S.	Group:	DoIT Web Hosting
Created:	2013-07-19 11:14 CDT	Updated:	2023-03-01 10:40 CDT
Sites:	DoIT Web Hosting
Feedback:	0 0 Comment Suggest a new document Subscribe to changes