Tags:
create new tag
, view all tags

Question

I would like to restrict acces to a web or a topic to a list of IP address, while preserving full Internet access to Twiki ,Main and all other Webs.

I did see AccessRestrictionByIPAddress which hasn't a positive response frown

or BlackListPlugin which seems to be whole twiki site solution, not only one Web or a specific topic.

please let me know how . Thanks.

Environment

TWiki version: TWikiRelease04x02x03
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: Centos 5.2 kernel 2.6.22
Web server: apache httpd-2.2.3
Perl version: perl-5.8.8-15.el5_2.1
Client OS: Windows / linux
Web Browser: Firefox & IE
Categories: Htaccess

-- JehanProcaccia - 29 Nov 2008

Answer

ALERT! If you answer a question - or have a question you asked answered by someone - please remember to edit the page and set the status to answered. The status is in a drop-down list below the edit box.

I added some details to AccessRestrictionByIPAddress that allows you to restrict access by IP address. Not sure if Apache supports an Allow from directive for a URL with PATHINFO (the Web/Topic info that follows the view script). But even if it does, it does not prevent someone from using a URL path such as /cgi-bin/view/Main/WebHome?topic=Secretweb/WebHome.

A safer solution and portable is to write a simple plugin that checks for proper IP address in the initialize function. TWikiPlugins as the details on how to write a plugin, BlackListPlugin might come handy to borrow some code.

-- PeterThoeny - 29 Nov 2008

I installed and tested BlackListPlugin but as I presumed, It works on the whole twiki site, It's not configurable by Webs or Topics frown .

I Also looked at apache directive like LocationMatch (http://httpd.apache.org/docs/2.2/sections.html) 

<LocationMatch "/~procacci/wiki/bin/view/Community/"> 
    Order Deny,Allow
     Deny from all
      Allow from 157.159.
</LocationMatch>

unfortunalty it doesn't work in .htaccess file, only in httpd.conf frown I'am lost, I don't feel capable of writing a dedicated module ... What would be fine is that in WebPreference, in addition to TWIKIGroups or TwikiUsers we could use IP address to the Allow/DenyWebWiew or Allow/DenyTopcView, would it be a long developpement to add this ?

-- JehanProcaccia - 30 Nov 2008

Restricting access by IP address is a special case, I do not think this feature should go into the core TWiki. Ask around if you find a Perl programmer to create a simple BlockByIPPlugin to your spec.

-- PeterThoeny - 01 Dec 2008

 
Change status to:
WebForm
SupportStatus AnsweredQuestions
Edit | Attach | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r5 - 2008-12-01 - PeterThoeny
 

Twitter Delicious Facebook Digg Google Bookmarks E-mail LinkedIn Reddit StumbleUpon    
  • Download TWiki
TWiki logo Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2012 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.