[feature] Adds support for wildcard and regex match ip addresses for API keys. … #3932
base: develop
…Also adds hostname options. Introduces "hostname:" and "regex:" syntax to the ipaddr field.
- IP ( 1.2.3.4 ) compares with source ip
- IP Wildcard ( 1.2.*.* ) wildcard compare with source ip
- IP Regex ( regex:/^123.\d{1,3}.789.0$/ ) applies regex directly to source ip
- Hostname ( hostname:some.example.domain.com ) dns look up domain, compares with source ip
- Hostname Wildcard ( hostname:*.*.example.domain.com ) reverse dns lookup on source ip, wildcard compared with domain
- Hostname Regex ( hostname:regex:/\w+?\.example(\.domain)?\.com/i ) reverse dns lookup on source ip, then regex applied to domain
Line 133 of class.api.php has an extra close parenthesis at the end.
Aside from that, this works great! thanks for this.
removed extra parenthesis as pointed out by jasonhoward7
Hi @rmawatson. From what I can tell, there're at least two problems with your implementation:
Personally, I'd rather see this feature removed altogether than extending it. There are plenty of existing tools with which you can achieve the same results. For example, one can use Nginx as a front-end server and do the client validation there.
For any partial matches the user should be responsible for entering the correct expression in the field. Validation is unnecessary. As this PR exposes the regex expression entry directly to the user, what do you do when they are matching using regex ip, or a wildcard ip? partial validation? If this was even possible to do, it would add additional complication to something that is otherwise a simple implementation. The
Is this going to be merged into mainstream? This is an important one.
After changing the code, I'm getting the error from I changed the message to get the output and at the osticket log I get Date: Παρ, Νοε 19 2021 16:13 IP Adress: 152.12.34.34 The key is an old one (just an IP) and enabled. If I rollback the code, it works fine, any idea? EDIT
@geo782 Are you able to update the PR or provide the entire function?
The f**ker on duty. Nice. Props to you.
Please merge this @protich !
Any update on this?
No, there is no update otherwise you’d see it here. Yes, by design we restrict the API Keys to specific IP Addresses. We will not be changing this behavior in the current (legacy) osTicket codebase; we are focusing most of our efforts into v2.0 (full codebase rewrite). This behavior will be changing in v2.0 as we hope to add support for IP Addresses, IP Ranges, hostnames (static and wildcard), etc. so please stay tuned. Cheers.
@JediKev I agree with lubo this feature is useless and should be removed. It is not a function of the software to handle IP whitelisting when that is something that is already handled by NGINX / Traefik etc. It’s one less thing for the team to support and right now only causes problems for those of us running in a clustered environment.
…Also adds hostname options. Introduces "hostname:" and "regex:" syntax to the ipaddr field.
- IP ( 1.2.3.4 ) compares with source ip
- IP Wildcard ( 1.2.*.* ) wildcard matched against source ip
- IP Regex ( regex:/^123.\d{1,3}.789.0$/ ) regex matched against source ip
- Hostname ( hostname:some.example.domain.com ) dns look up domain, compares with source ip ( this option works for dynamic dns setups )
- Hostname Wildcard ( hostname:*.*.example.domain.com ) reverse dns lookup on source ip, wildcard matched against looked up domain
- Hostname Regex ( hostname:regex:/\w+?\.example(\.domain)?\.com/i ) reverse dns lookup on source ip, then regex matched against looked up domain
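
The six rule forms listed above, as an added example that is not the PR's or osTicket's code. The function names are hypothetical, and the forward-confirmation step for reverse-DNS matches is an assumption added here, since a PTR record is set by whoever controls the reverse zone for the source address.

```php
<?php
// Added example (PHP 7.4+); function names are hypothetical, not osTicket's or the PR's.

// Wildcard -> anchored regex. Each '*' matches exactly one dot-separated part.
function wildcardToRegex(string $pattern, string $partClass): string {
    $parts = array_map(
        fn($p) => $p === '*' ? $partClass . '+' : preg_quote($p, '/'),
        explode('.', $pattern)
    );
    return '/^' . implode('\.', $parts) . '$/i';
}

// Forward-confirmed reverse DNS: trust a PTR name only if it resolves back to the IP.
function confirmedHostname(string $ip, callable $ptr, callable $fwd): ?string {
    $host = $ptr($ip);
    if (!$host || $host === $ip) return null; // gethostbyaddr() returns the IP on failure
    return in_array($ip, $fwd($host) ?: [], true) ? $host : null;
}

function apiKeyMatches(string $rule, string $ip, ?callable $ptr = null, ?callable $fwd = null): bool {
    $ptr = $ptr ?? 'gethostbyaddr';
    $fwd = $fwd ?? 'gethostbynamel';
    if (!filter_var($ip, FILTER_VALIDATE_IP)) return false;
    if (strncmp($rule, 'hostname:', 9) === 0) {
        $spec = substr($rule, 9);
        $isRegex = strncmp($spec, 'regex:', 6) === 0;
        if (!$isRegex && strpos($spec, '*') === false)
            return in_array($ip, $fwd($spec) ?: [], true);   // plain hostname: forward lookup
        $host = confirmedHostname($ip, $ptr, $fwd);
        if ($host === null) return false;
        $re = $isRegex ? substr($spec, 6) : wildcardToRegex($spec, '[a-z0-9-]');
        return @preg_match($re, $host) === 1;                // invalid regex fails closed
    }
    if (strncmp($rule, 'regex:', 6) === 0)
        return @preg_match(substr($rule, 6), $ip) === 1;
    if (strpos($rule, '*') !== false)
        return preg_match(wildcardToRegex($rule, '\d'), $ip) === 1;
    return $rule === $ip;
}

// Constructed sample data: stub resolvers so the example runs offline.
// 198.51.100.9 has a PTR record claiming the allowed name, but no matching A record.
$ptr = fn($ip) => ['203.0.113.7' => 'a.b.example.domain.com',
                   '198.51.100.9' => 'a.b.example.domain.com'][$ip] ?? $ip;
$fwd = fn($h) => ['a.b.example.domain.com' => ['203.0.113.7']][$h] ?? false;

$rule = 'hostname:*.*.example.domain.com';
foreach (['203.0.113.7', '198.51.100.9'] as $ip)
    printf("%s %s => %s\n", $rule, $ip, var_export(apiKeyMatches($rule, $ip, $ptr, $fwd), true));
printf("1.2.*.* 1.2.3.4 => %s\n", var_export(apiKeyMatches('1.2.*.*', '1.2.3.4'), true));
```

Regex rules are applied exactly as entered, so an unanchored pattern matches any hostname that merely contains it; anchoring with `^` and `$` restricts the match to the whole name.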