About Page Render IP Restriction

This module adds basic capability to restrict page rendering to selected number of IP addresses.

Category Users and Access
Modules dealing with access in ProcessWire via Users, Roles or Permissions.
Release StateBeta
Close to stable, but users are advised to be cautious and test thoroughly.*
Authorteppo
Module Version0.8.1
Class NamePageRenderIPRestriction
Compatibility2.2
Date AddedNovember 17, 2012
Last UpdatedDecember 6, 2017
Recommended ByNew recommendations may take up to 1 day to appear.

Details

This module adds basic IP restriction capabilities to page rendering.

Currently individual IPs (127.0.0.1), IP ranges (127.0.0.1-127.0.0.255) and CIDR format (127.0.0.0/24) are supported. You can also decide whether restrictions should apply to a) admin area and b) authenticated users.

Please note that this module is only meant to be used as an additional security measure in addition to typical username/password authentication or something similar, not on it's own. Especially if protected content is valuable and/or sensitive it would be a much better idea to add all IP restriction rules within (software or hardware) firewall instead of relying on a module.

Instructions

How to install

Copy PageRenderIPRestriction folder to your /site/modules/, go to Admin > Modules, hit "Check for new modules" and install Page Render IP Restriction. That's it.

How to use

Default out-of-the-box settings don't introduce any restrictions. You can edit module settings (Admin > Modules > Page Render IP Restriction) to include those IPs you wish to allow access to your site for. Once you've filled in at least one IP address and saved module settings restriction will be immediately effective.

README

Page Render IP Restriction Module

This module adds basic IP restriction capabilities to page rendering. Please notethat this is only meant to be used as an additional security measure in addition to typical username/password authentication or something similar, not on it's own.

This is very important especially if protected content is valuable and/or sensitive.In those cases it would also be a much better idea to add all IP restriction rules within (software or hardware) firewall instead of relying on a module.

Installing

Copy PageRenderIPRestriction folder to your /site/modules/, go to Admin > Modules,hit "Check for new modules" and install Page Render IP Restriction. That's it.

How to use

Default settings for this module don't introduce any restrictions. You should editmodule settings (Admin > Modules > Page Render IP Restriction) to include those IPs you wish to allow access to your site for. Please note that if you fill in at least one IP address and check both "Restrict admin access" and "Restrict access for authenticated users" checkboxes you will no longer be able to reach Adminwithout valid IP.

Settings

Allowed IPs

  • IP addresses that have access to your site
  • Each address on it's own line
  • Supported formats: 127.0.0.1 (individual IPs), 127.0.0.1-127.0.0.255 (IP ranges)and 127.0.0.0/24 (CIDR)
  • Default: null

Access denied message

  • What message should users get when they're being denied access?
  • Leave blank to show no message. HTML markup is supported.
  • Default: null

Access denied action

  • What should happen when user is denied access?
  • Possible values: "Exit with specified message" or "Redirect user to login page",but latter option has no effect if admin access is also restricted
  • Default: null (send HTTP/1.1 403 Forbidden header + no message)

Restrict admin access

  • If you check this box, admin pages will only be available for users with valid IPs
  • Default: false

Restrict access for authenticated users

  • If you check this box, IP restriction will also apply to authenticated (logged in)users.
  • Default: false

Exceptions to access restriction (allowed paths)

  • With this setting you can define paths that are excluded from access restriction
  • You can optionally specify the request method: /my-allowed-url/ POST
  • Default: null

Exceptions to access restriction (allowed domains)

  • With this setting you can define domains that are excluded from access restriction
  • Default: null

Comments

No comments yet. Be the first to post!

Post a Comment

Your e-mail is kept confidential and not included with your comment. Website is optional.