geosolutions-it / UNMISS-GeoStory


GeoNode admin login only from UN network or limited IP #45

Closed EddyCatt closed 1 year ago

EddyCatt commented 2 years ago

UNMISS accepts, as a possible mitigation for the security issue on their public GeoNode, allowing login as admin only from the UN network or from a limited set of IP addresses.

giohappy commented 2 years ago

I don't think such a feature is available at the moment.

@mattiagiupponi @afabiani the only quick thing that comes to my mind is a middleware that verifies if the user about to log in is an admin and, in that case, the login will succeed only if the request IP (taking also into account X-Forwarded-For) is in a dedicated whitelist.

giohappy commented 2 years ago

https://github.com/GeoNode/geonode/issues/9698

EddyCatt commented 2 years ago

Client is asking to add to the whitelist the private IP address range used in UNHQ: 10.240.0.0/12. Client also accepts our request to add the IP address of the remote desktop machine to the whitelist, for us to connect to GeoNode.

They also would like to know the admin account and new password (the enhanced one) for the ICT to check the server. Remote desktop has been re-established.

giohappy commented 1 year ago

IP range set. The IP of the test machine itself has been added. The current whitelist is the following:

ADMIN_IP_WHITELIST=10.208.63.134,10.240.0.0/12
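The check sketched in the earlier comment (admin logins succeed only when the request IP, with X-Forwarded-For taken into account, falls in a whitelist) combined with the comma-separated `ADMIN_IP_WHITELIST` format shown above, as an added standalone example. This is not GeoNode's own middleware nor code from this repository: the setting name and the sample ranges come from the thread, while `TRUSTED_PROXIES`, the function names and the sample requests are constructed for illustration. The Django wiring (reading `REMOTE_ADDR` and `HTTP_X_FORWARDED_FOR` from `request.META`) is left out so the logic runs offline.

```python
import ipaddress
from typing import Iterable, List, Optional

# Constructed value in the same "ip,cidr,..." format as the thread's ADMIN_IP_WHITELIST.
ADMIN_IP_WHITELIST = "10.208.63.134,10.240.0.0/12,10.155.0.0/16"

# Hypothetical: addresses of the reverse proxies in front of the application whose
# X-Forwarded-For header we are willing to believe. Anything else is a direct client.
TRUSTED_PROXIES = ["172.18.0.2"]


def parse_whitelist(value: str) -> List[ipaddress.IPv4Network]:
    """Parse 'ip,cidr,...' into network objects; a bare address becomes a /32 (or /128)."""
    nets = []
    for item in value.split(","):
        item = item.strip()
        if item:
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def client_ip(remote_addr: str, x_forwarded_for: Optional[str],
              trusted_proxies: Iterable[str]) -> str:
    """Return the effective client address.

    X-Forwarded-For is attacker-controlled unless a proxy we trust appended it, so:
    - if the TCP peer is not a trusted proxy, the header is ignored entirely;
    - otherwise walk the chain from the right, skipping trusted proxies, and take the
      first hop that is not one of ours (the leftmost entries can be forged by the client).
    """
    trusted = {ipaddress.ip_address(p) for p in trusted_proxies}
    addr = ipaddress.ip_address(remote_addr)
    if addr not in trusted or not x_forwarded_for:
        return str(addr)
    chain = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    for hop in reversed(chain):
        try:
            hop_addr = ipaddress.ip_address(hop)
        except ValueError:
            # Malformed hop: stop trusting anything to the left of it.
            return str(addr)
        if hop_addr not in trusted:
            return str(hop_addr)
        addr = hop_addr
    return str(addr)


def is_whitelisted(ip: str, nets: List[ipaddress.IPv4Network]) -> bool:
    """True when ip lies inside any whitelisted network."""
    a = ipaddress.ip_address(ip)
    return any(a in n for n in nets)


def admin_login_allowed(is_admin: bool, remote_addr: str, x_forwarded_for: Optional[str],
                        whitelist: str = ADMIN_IP_WHITELIST,
                        trusted_proxies: Iterable[str] = TRUSTED_PROXIES) -> bool:
    """Non-admin logins are unaffected; admin logins require a whitelisted source address."""
    if not is_admin:
        return True
    ip = client_ip(remote_addr, x_forwarded_for, trusted_proxies)
    return is_whitelisted(ip, parse_whitelist(whitelist))


if __name__ == "__main__":
    # Constructed requests: (description, is_admin, REMOTE_ADDR, X-Forwarded-For)
    samples = [
        ("admin from UNHQ range, no proxy", True, "10.240.5.5", None),
        ("admin spoofing XFF without a trusted proxy", True, "203.0.113.9", "10.240.5.5"),
        ("admin via trusted proxy from South Sudan range", True, "172.18.0.2", "10.155.7.8"),
        ("admin via trusted proxy, forged leftmost hop", True, "172.18.0.2", "10.240.1.1, 203.0.113.9"),
        ("ordinary user from anywhere", False, "198.51.100.4", None),
    ]
    for desc, admin, peer, xff in samples:
        print(f"{desc}: {'allow' if admin_login_allowed(admin, peer, xff) else 'deny'}")
```

The decisive design choice is the proxy handling: a whitelist keyed on X-Forwarded-For is only as strong as the proxy chain that writes the header, so the check ignores the header unless the TCP peer is a proxy you control, and it reads the chain from the right so a client cannot prepend a whitelisted address. If GeoNode is deployed behind a proxy that passes the header through without appending its own hop, this lookup should be tightened to that proxy's actual behaviour before relying on it.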

EddyCatt commented 1 year ago

Another IP range should be added for the South Sudan office: 10.155.134

giohappy commented 1 year ago

@EddyCatt 10.155.134.0/24 range added to the whitelist.

giohappy commented 1 year ago

@EddyCatt as requested I've updated the whitelist by setting the range 10.155.0.0/16.