turnermm / abortlogin

Allow login to Dokuwiki from known IP's only
https://www.dokuwiki.org/plugin:abortlogin
GNU General Public License v2.0

User based ip restrictions. #5

Open Sarabjeet76 opened 6 years ago

Sarabjeet76 commented 6 years ago

Great plugin! I want to suggest a feature where IP-based restrictions can be applied to only one or more user groups instead of restricting all user groups at once.

turnermm commented 6 years ago

Abortlogin is a gatekeeper. It prevents outsiders from getting past the gate--i.e., the login form. Users and groups are on the inside of the gate and have no meaning in advance of the user's being logged in. I wrote this plugin because I get literally thousands of attempts to break into my wikis via login. Not only does it prevent attempts to log in by brute force means, i.e. trying multiple passwords and users, it also prevents hackers from circumventing the login screen itself. You can probably do what you want to do by using ACL rules. You can refuse read permission to pages based on user groups--you can devise as many groups as you need.

Sarabjeet76 commented 6 years ago

Dear Myron,

I am using DokuWiki for our documentation needs and there are some documents with proprietary information and thus we want to restrict some users to be able to see these only from inside our work premises and not outside.

I request you to make this optional so that such restrictions can be imposed when required.

Thanks,

Sarabjeet Singh

turnermm commented 6 years ago

You do this with ACL rules. Make these documents unreadable to non-users and then create a special group for the users who can read these documents and allow read access only to this group. There’s nothing that abortlogin can do for this situation, because it comes into play before anything is known about pages and users.

Sarabjeet76 commented 6 years ago

There should be a way so that all users are allowed to see the login screen, but when a user/user group signs in, a pop-out message should display telling "You are not allowed to log in from this IP".

turnermm commented 6 years ago

The plugin can't do this because it does its work before DokuWiki has set up the ACL rules that govern logged-on users. If you want to do this, use ACL. Create a group that will have access to these pages, go to the Access Control administration panel and give this group permission to read (or edit or create) these pages. Then set the @ALL group to none for these pages. Even if the plugin could do what you want, it would make no sense since it can already be done by the built-in access management system.
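
A simplified model of how DokuWiki resolves the ACL setup recommended in this thread, added here as an example; it is not code from the thread or from the abortlogin plugin. The namespace `proprietary` and the group `staff_docs` are hypothetical, and the model (the most specific scope with an applicable rule decides, the highest level at that scope wins) leaves out superuser handling and name encoding.

```python
# Constructed ACL in the conf/acl.auth.php line format: <scope> <@group|user> <level>.
# The namespace "proprietary" and the group "staff_docs" are hypothetical.
ACL_TEXT = """
*               @ALL        1
proprietary:*   @ALL        0
proprietary:*   @staff_docs 1
"""

AUTH_NONE, AUTH_READ, AUTH_DELETE = 0, 1, 16


def parse_acl(text):
    """Return (scope, subject, level) tuples, skipping comments and blank lines."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 3:
            rules.append((fields[0], fields[1], min(int(fields[2]), AUTH_DELETE)))
    return rules


def scopes_for(page_id):
    """Yield scopes from most to least specific: the page, its namespaces, then '*'."""
    yield page_id
    parts = page_id.split(":")[:-1]
    while parts:
        yield ":".join(parts) + ":*"
        parts.pop()
    yield "*"


def permission(rules, page_id, user=None, groups=()):
    """Resolve the level for a page: the most specific scope with an applicable
    rule decides, and the highest level among those rules wins."""
    subjects = {"@ALL"} | {"@" + g for g in groups}
    if user:
        subjects.add(user)
    for scope in scopes_for(page_id):
        levels = [lvl for sc, subj, lvl in rules if sc == scope and subj in subjects]
        if levels:
            return max(levels)
    return AUTH_NONE  # no rule matched at all: deny


RULES = parse_acl(ACL_TEXT)
```

Because the highest level wins among rules at the same scope, the `@ALL 0` line does not lock out members of the permitted group.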