Campus IP restrictions for a page on ehs.research.uiowa.edu

[briand44]

We have a need to have a web page accessible only to campus without a password. This is a requirement based on OSHA regulations. Not using a password is a critical element of the OSHA regulations. Environmental Health and Safety has a drupal site at ehs.research.uiowa.edu. What are our options to present an external link (to a vendor’s web site) but only for people that are on campus?

Currently on the home page for ehs (see url above) we have a link to MSDS Online. This link is being replaced because we are replacing the vendor. The goal would be to have that button / link still be prominent, but the actual link to only be available to click if the user is on campus. One thought was to create an intermediate page that is only accessible if you are on a campus network (VPN is ok).

[briand44]

After some discussions it sounds like we could possibly use this module https://www.drupal.org/project/restrict_page_ip. We would need to use APE to disable caching for the particular page as well. I am not sure of the list of IP ranges we need to allow but there is some info https://itsecurity.uiowa.edu/network-and-airspace.

[richardbporter]

I had some issues with the module. I think an htaccess rule would work in combination with APE. I'll start on that.

[briand44]

One benefit of the module I thought was that it would allow a customized message. What will people see with this restriction in place if they are off campus and off VPN? The 403 access denied?

[richardbporter]

Yes, a 403.