Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feature: ACL (Access Control List) #4841

Merged
merged 1 commit into from Apr 15, 2019

Conversation

Projects
None yet
3 participants
@JediKev
Copy link
Member

commented Apr 10, 2019

This adds a new feature called ACL that offers the ability to control what IP addresses are allowed to access the Login Page(s). This adds a new textfield to the System Settings to add a comma separated list of IPs. This also adds a checkbox called "Apply To Backend Only" that, if enabled, will only apply the ACL to the Agent Login Page. Lastly, this adds a validator for a simple comma-separated list of IP addresses. (eg. 111.111.111.111, 222.222.222.222, 333.333.333.333)

If the requester's IP is not in the ACL the system will show an "Access Denied" page. If the requester's IP is in the ACL they will be able to access the Login Page(s) as usual. If the ACL field is left blank anyone will be able to access the User/Agent Login Pages.

@knels knels referenced this pull request Apr 11, 2019

Closed

Malware in osticket.com #4842

@ntozier

This comment has been minimized.

Copy link
Contributor

commented Apr 11, 2019

I would recommend that you institute ranges and not just single IPs.

Example:
If I wanted 192.168.44.1 to 192.168.45.255 you could enter it either as:

192.168.44.1-192.168.45.255
or as
192.168.44.0/24,192.168.45.0/24

@JediKev

This comment has been minimized.

Copy link
Member Author

commented Apr 11, 2019

@ntozier

That will be implemented in version 2 of this feature. Version 1 is basic.

Cheers.

@ntozier

This comment has been minimized.

Copy link
Contributor

commented Apr 11, 2019

@JediKev fair enough. I just can't use this feature until it exists.... 19 locations spread across the state. :)

A separate lists for Users and SCP would also be a welcome edition.

feature: ACL (Access Control List)
This adds a new feature called ACL that offers the ability to control what
IP addresses are allowed to access the system. This adds a new textfield to
the System Settings to add a comma separated list of IPs. This also adds a
dropdown labeled "Apply To:" that gives you the option to choose which
panel(s) the ACL will apply to. Lastly, this adds a validator for a simple
comma-separated list of IP addresses. (eg. `192.168.1.1, 192.168.2.2,
192.168.3.3`)

If the requester's IP is not in the ACL the system will show an "Access
Denied" page. If the requester's IP is in the ACL they will be able to
access the system as usual. If the ACL field is set to Disabled, anyone will
be able to access the system.

This adds an initial failsafe where if the Admin's current IP address is not
in the ACL upon saving the system will refuse to save the setting to prevent
the Admin from being locked out. This also adds another failsafe where if
there is an "Apply To:" option set but there are no IPs provided the system
will return an error letting the Admin know they have to insert an IP
address to continue.

@JediKev JediKev force-pushed the JediKev:feature/access-control-list branch from 8608697 to 1018b63 Apr 15, 2019

@protich protich merged commit b8b001a into osTicket:develop-next Apr 15, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.