Welcome to WebmasterWorld Guest from 184.108.40.206
The forum is not for external viewing, but I would like to use the google analytics software, which requires google to 'see' the forums. So ideally I would like to give external access to only the google machines, which I think would need an IP address or a domain name (you can selectively grant access to certain machines by adding rule to your .htaccess file (if you're serving from Apache))
unless your intranet is accessible by FQDN you can not... see googles answer:
How do I run Google Analytics on my intranet?
Note: This article is for the latest version of the tracking code. If you are using the older version, please read the following article.
Does knowing that help make it easier to do?
You still can block everything from getting into your site. You just have to allow requests to go out from the site, to the outside world.
Thanks for the info about outgoing/incoming traffic and FQDNs. I think I may need to explain a bit further.
The actual software is located on an external server, which has a FQDN. However, since we only would like people from the intranet seeing the forum, we have set up the .htaccess file to only allow requests which have been forwarded from within our intranet (our intranet forwards requests to the external server if the request is for the forum).
This is not the best security measure, but the information on the forums is not too sensitive. So ideally what I would like to do on the external server is only allow requests if the request came from within our internal network (which I've already done), OR the request is from google analytics. The question is, how do you identify the google analytics machine?
Based on what you further explained, I'm inclined to agree with cgrantski. Google doesn't have to be able to access your site in order to report hits with GA; it's just that the visitor's browser needs to be able to reach google-analytics.com in order to send the visit information. As long as you can access [google-analytics.com...] from within your intranet, and the external server has a FQDN as you say it does, you should be fine.
I assume their system is just set up to drop requests that don't appear to be from a FQDN.
However, I have always believed that you'll initially need Google to see the code installed *somewhere* in order for it to start working - or maybe it is just the fact that calls are being made to ga.js that starts it working. Try it and see.
When I ping google-analytics.com, I get the IP address 220.127.116.11. Perhaps others here can check for the same thing from their locations, to try to get an idea of the IP ranges.
ARIN says that 18.104.22.168 is part of the range
NetRange: 22.214.171.124 - 126.96.36.199
As I said, there could be other ranges associated with Google Analytics.
If you allow this range access to your site, you might solve your problem. You certainly wouldn't be allowing anybody or anything EXCEPT Google in there, if you did. (Be sure to set your robots.txt file to tell Google to not follow and especially not index!)
Also, have you asked Google itself about this, or checked the google analytics user forum that's on the Google domain?
[edited by: cgrantski at 2:48 pm (utc) on Dec. 10, 2008]
- Created a new analytics account
- Put the code on a local page only
- Viewed the page
This resulted in no visit logged, and an exclamation icon ("tracking unknown") within GA
I then put the code on an entirely different FQDN (not related to the one set up in analytics) and viewed the page. I know have a tick icon ("Receiving Data") within WMT, and one visit recorded.
So it seems you might be able to "hack" the status by putting the code on any old host temporarily.
[edited by: Receptional_Andy at 2:52 pm (utc) on Dec. 10, 2008]
If the GA data collection server doesn't have access for returning a cookie value to the intranet server
But it doesn't return a cookie value - the visitor sends their cookie value to GA - hence a first party cookie. Google's servers can't access the cookie value since they are not on the same domain.
The only way requests from multiple hosts would not be recorded was if GA deliberately dropped information based on the host supplied. I'm, not sure why they would include such functionality, and if they did, why they would do so based on the first host within a request.
From what I've seen, you have to create an advanced filter to even get GA to display the host in reports - instead the reports show as if everything was called from the host entered in the GA setup.
I used an alternate host in my test, because I wanted to simulate a request from a FQDN other than the one in the GA account - whether GA can access the host isn't the issue. I didn't see any Google activity in server logs as a result of the initial requests.