Thanks for the feedback. But I want to block 'username' based on IP. So how can th eproxy acknowledge the user name and filter it? So basically user 'sandy' can login when she is at 145.144.14.1 IP address, but she cannot login with her username at home. This system will only restrict the employee accounts to static IP address.

Only employees have access to the /web path in the default configuration, so there is no need to make it based on username. The only thing I do not know right now is if the portal users also need the URL /web/login to login. In this case, you have to exempt the path /web/login from the blocking. There is no need to make more complicated than necessary.

Just checked it, portal users also do log in at /web/login, so you must allow /web/login from outside.

thank you very much Ermin. I will try and give feedback.

So the web/login/ must work for everyone including employees, after authentication /web/ should not allow access from outside. will be a little tricky but well at least a start.

Thank you Ermin for your inputs. The module on the answer is what I needed. Will check the code and see the logic.

I do well know about this module. But most people at home do not have a fixed IP, so I wish you the best of luck...

Sorry, my mistake, I did not realize that the module does a "positive" policy in contrary to the usual "negative" policy of proxy servers.