Question

Brainstorming Idea: IP Access Control

It would be nice if it is possible to define ip-addresses next to users and groups to have acces to a web or topic. In that case everybody from inside the company would be allowed to view and change topics about the organization without the need to logon!

-- HarrytSchimmel - 04 Jun 2008

Answer

If you answer a question - or have a question you asked answered by someone - please remember to edit the page and set the status to answered. The status is in a drop-down list below the edit box.

This could be done with a plugin (see for example BlackListPlugin), but it can be done much easier with Apache directives. Untested example, showing a subnet restriction on 3 bytes of an IP address:

Order Deny,Allow
Deny from all
Allow from 12.23.56

Caution: IP addresses can be forged, see Wikipedia:IP_address_spoofing. A safer way is to establish a VPN tunnel between a hosted site and the internal network.

-- PeterThoeny - 04 Jun 2008

What if you don't want to deny from all but want to grant editing capabilities based on the ip?

-- HarrytSchimmel - 09 Jun 2008

I think that can be done with the Require directive of Apache. Consult the Apache docs, or ask in an Apache support forum.

(I moved this question from the Plugins web to the Support web.)

-- PeterThoeny - 09 Jun 2008