How can I tell if a user is connected to a VPN? Do they send something with a GET request?

These VPNs don’t share the same IP, heck it looks like the IP is transparent to the end user.

I’d like to limit my website to users of this specific VPN. Any ideas how to determine that?

I’m open to basically any language/Linux software that is needed.

You can’t. Information that would allow you to detect this does not exist.

Find out the egress IP addresses of the VPN, and restrict your ingress traffic to those.

At least for my WireGuard VPN, ip a shows a tun0 interface when it’s active.

If you’re wanting your site to only be available to users of the VPN, then you join your server to that VPN. I suspect most consumer VPNs don’t allow client-to-client connections, so you’d have to check with the provider.

If you want to block VPN users then you’ll need to get the egress IP address ranges and then block them in the server firewall. Getting that information is unlikely as it’s not in providers’ interest to share them.

Somehow we have other websites that can only be accessed by being connected to the VPN.

Are these corporate / intranet websites? You can get that effect by restricting membership to the VPN itself.

Typically such websites are hosted behind a firewall which only allows traffic from certain IP addresses. To get an allowed address you have to use the company’s internal network (intranet) or connect to their VPN. You need to be talking to your company’s IT department about how this site should be set up.

Sign up for VPN. Access your site while using the VPN. See what IP address is used. Ban that IP Address (or range).

You can get that effect by restricting membership to the VPN itself.

Yes, what is the process for that? Doesn’t seem to be a GET header. (Heck GET headers sound unsafe)

These are not intranet as far as I can tell.

Somehow this VPN isn’t changing IP addresses.

It’s restricted to the range of IP addresses assigned to that VPN. Anything else can be blocked by the firewall.

They’re blocking outside connections (non-VPN).

The VPN connects them to the internal network.

So they aren’t checking if you are using a VPN; they are checking if you are on the internal network.

I don’t really know the specifics because I’m not into DevOps myself; we have a team at the company that handles all this.

I DO know that it involves setting up firewall rules to deny connections that don’t come from a specific IP / range of IPs, and the app itself doesn’t really do anything special to the traffic.

HTTP happens at layer 7, whereas VPNs are way down in layer 3 or 4, so looking at HTTP traffic ain’t gonna do it.

That doesn’t sound that unusual but tbh I am not a network engineer. I can imagine bigger VPNs have several egress points but I wouldn’t be surprised for smaller or free VPNs to have a single IP they route through.
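The source-address allowlist the replies describe, written out as an added example (not code from any poster in this thread): the decision is made on the TCP peer address, and a forwarding header is honoured only when the peer is the site's own proxy. The egress ranges, the proxy address and all function names are constructed placeholders, and the proxy is assumed to append the address it saw as the last X-Forwarded-For entry.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 documentation space); replace with
# the egress ranges actually observed for, or published by, the VPN.
VPN_EGRESS = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.17/32")]
# Hypothetical reverse proxy in front of the app; only this peer may supply X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]


def _parse(addr):
    """Parse an address string; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except (ValueError, AttributeError):
        return None
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def _in_any(ip, networks):
    """True when ip falls inside any network of the same address family."""
    return any(ip.version == net.version and ip in net for net in networks)


def client_ip(peer_addr, forwarded_for=None):
    """Return the address to judge: the TCP peer, unless the peer is our own proxy."""
    peer = _parse(peer_addr)
    if peer is None:
        return None
    if forwarded_for and _in_any(peer, TRUSTED_PROXIES):
        # Earlier entries are client-supplied; only the entry the proxy appended counts.
        return _parse(forwarded_for.split(",")[-1])
    return peer


def is_allowed(peer_addr, forwarded_for=None):
    """True only when the effective client address is inside a VPN egress range."""
    ip = client_ip(peer_addr, forwarded_for)
    return ip is not None and _in_any(ip, VPN_EGRESS)
```

The same ranges belong in the server firewall as well, so that requests from other addresses never reach the application.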