Closed EddyCatt closed 1 year ago
I don't think such a feature is available at the moment.
@mattiagiupponi @afabiani the only quick thing that comes to my mind is a middleware that verifies if the user about to log in is an admin and, in that case, the login will succeed only if the request IP (taking also into account X-Forwarded-For) is in a dedicated whitelist.
The client is asking to add to the white list the private IP address range used in UNHQ: 10.240.0.0/12. The client also accepts our request to add the IP address of the remote desktop machine to the white list, for us to connect to GeoNode.
They would also like to know the admin account and new password (the enhanced one) for the ICT to check the server. Remote desktop has been re-established.
IP range set. The IP of the test machine itself has been added. The current whitelist is the following:
ADMIN_IP_WHITELIST=10.208.63.134,10.240.0.0/12
Another IP range should be added for South Sudan office: 10.155.134
@EddyCatt 10.155.134.0/24 range added to the whitelist.
@EddyCatt as requested I've updated the whitelist by setting the range 10.155.0.0/16
UNMiss accepts, as a possible mitigation for the security issue on their public GeoNode, allowing login as admin only from the UN network or from limited IP addresses.
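The check proposed in the thread (admin login allowed only from a whitelisted address, taking X-Forwarded-For into account), as an added example that is not GeoNode's code or the code deployed for this issue. It reuses the `ADMIN_IP_WHITELIST` value posted above; `TRUSTED_PROXIES`, its address range and all function names are assumptions made for the illustration.

```python
import ipaddress

# Whitelist value as posted in the thread: comma-separated IPs and CIDR ranges.
ADMIN_IP_WHITELIST = "10.208.63.134,10.240.0.0/12"
# Assumption (constructed): the reverse proxy in front of the app lives here.
TRUSTED_PROXIES = "172.18.0.0/16"

def parse_networks(raw):
    """Parse a comma-separated setting; strict mode rejects ranges with host bits set."""
    return [ipaddress.ip_network(p.strip(), strict=True)
            for p in raw.split(",") if p.strip()]

def in_any(ip, networks):
    """True when the address falls inside at least one of the networks."""
    return any(ip in net for net in networks)

def client_ip(remote_addr, xff, proxies):
    """Return the address to judge, or None when it cannot be determined."""
    try:
        peer = ipaddress.ip_address(remote_addr.strip())
        # X-Forwarded-For is client-controlled unless our own proxy delivered it.
        if not xff or not in_any(peer, proxies):
            return peer
        # Walk right to left: the first hop that is not one of our proxies is
        # the address our outermost proxy actually saw.
        for hop in reversed(xff.split(",")):
            ip = ipaddress.ip_address(hop.strip())
            if not in_any(ip, proxies):
                return ip
    except ValueError:
        pass  # malformed address: fail closed
    return None  # also reached when every hop is one of our proxies

def admin_login_allowed(is_admin, remote_addr, xff=None,
                        whitelist=ADMIN_IP_WHITELIST, proxies=TRUSTED_PROXIES):
    """Non-admin logins pass; admin logins need a whitelisted client address."""
    if not is_admin:
        return True
    ip = client_ip(remote_addr, xff, parse_networks(proxies))
    return ip is not None and in_any(ip, parse_networks(whitelist))
```

In a Django middleware the two address inputs would come from `request.META["REMOTE_ADDR"]` and `request.META.get("HTTP_X_FORWARDED_FOR")`.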