User based ip restrictions. #5
Comments
|
Abortlogin is a gate-keper, It prevents outsiders from getting past the gate--i.e., the login form. Users and groups are on the inside of the gate and have no meaning in advance of the user's being logged in. I wrote this plugin because I get literally thousands of attempts to break into my wikis via login. Not only does it prevent attempts to login by brute force means, i.e. trying multiple passwords and users,, it also prevents hackers from circumventing the login screen itself. You can probably do what you want to do by using ACL rules. You can refuse read permission to pages based on user groups--you can devise as many groups as you need. |
|
Dear Myron,
I am using dokuwiki for our documention needs and there are some documents
with proprietory information and thus we want to restrict some users to be
able to see these only from inside our work premises and not outside.
I request you to make this optional so that if required such restrictions
can be imposed on when required.
Thanks,
Sarabjeet Singh
…On Wed, 27 Jun 2018, 08:26 Myron Turner, ***@***.***> wrote:
Abortlogin is a gate-keper, It prevents outsiders from getting past the
gate--i.e., the login form. Users and groups are on the inside of the gate
and have no meaning in advance of the user's being logged in. I wrote this
plugin because I get literally thousands of attempts to break into my wikis
via login. Not only does it prevent attempts to login by brute force means,
i.e. trying multiple passwords and users,, it also prevents hackers from
circumventing the login screen itself. You can probably7u dop what you want
to do by using ACL rules. You can refuse read permission to pages based on
user groups--you can devise as many groups as you need.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#5 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AcHKnRGuqcTTr2BMOxUJJHewKlG_DPJUks5uAvRLgaJpZM4U49tw>
.
|
|
You do this with ACL rules. Make these documents unreadable to non-users and then create a special group for the users who can read these documents and allow read access only to this group. There’s nothing that abortlogin can do for this situation, because it comes into play before anything is known about pages and users.
From: Sarabjeet76 [mailto:notifications@github.com]
Sent: June 28, 2018 11:03 PM
To: turnermm/abortlogin <abortlogin@noreply.github.com>
Cc: Myron Turner <turnermm02@shaw.ca>; Comment <comment@noreply.github.com>
Subject: Re: [turnermm/abortlogin] User based ip restrictions. (#5)
Dear Myron,
I am using dokuwiki for our documention needs and there are some documents
with proprietory information and thus we want to restrict some users to be
able to see these only from inside our work premises and not outside.
I request you to make this optional so that if required such restrictions
can be imposed on when required.
Thanks,
Sarabjeet Singh
On Wed, 27 Jun 2018, 08:26 Myron Turner, ***@***.***> wrote:
Abortlogin is a gate-keper, It prevents outsiders from getting past the
gate--i.e., the login form. Users and groups are on the inside of the gate
and have no meaning in advance of the user's being logged in. I wrote this
plugin because I get literally thousands of attempts to break into my wikis
via login. Not only does it prevent attempts to login by brute force means,
i.e. trying multiple passwords and users,, it also prevents hackers from
circumventing the login screen itself. You can probably7u dop what you want
to do by using ACL rules. You can refuse read permission to pages based on
user groups--you can devise as many groups as you need.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#5 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AcHKnRGuqcTTr2BMOxUJJHewKlG_DPJUks5uAvRLgaJpZM4U49tw>
.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub <#5 (comment)> , or mute the thread <https://github.com/notifications/unsubscribe-auth/AAKxP4Eyu5PRLy9uUQl2qq7SJ4vuw8_-ks5uBab6gaJpZM4U49tw> .
|
|
There should be a way so that all users are allowed to see the login screen but when a user/ user group signs in, a pop out message should display telling " You are not allowed to login from this ip" |
|
The plugin can't do this because it does its work before DokuWiki has set up the ACL rules that govern logged on users. If you want to do this, use ACL. Create a group that will have access to these pages, go the the Access Control administration panel and give this group permission to read (or edit or create) these pages. Then set the @ALL group to none for these pages. Event if the plugin could do what you want, it would make no sense since it can already be done by the built-in access management system. |
Great plugin !
I want to suggest a feature where ip based restrictions can be applied to only one or more user groups instead of restricting all user groups at once.
The text was updated successfully, but these errors were encountered: