- Posts: 9
- Thank you received: 1
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
Prevent admin login from everywhere
- htwsaar
- Topic Author
- Offline
- New Member
Less
More
9 years 4 months ago #114871
by htwsaar
Prevent admin login from everywhere was created by htwsaar
I try to secure the actual limesurvey installation.
Our German office for data security wants us to prevent administrative logins from the outside.
.htaccess is not helpful because it just blocks mydomain.tld/admin and not the actual and well known link for login in the role of admin.
Can someone help if there is an easy way by edition the index.php in the main folder, for example?
I would do that chance after every future update.
Someone else had the same problem / idea?
Thank you
Our German office for data security wants us to prevent administrative logins from the outside.
.htaccess is not helpful because it just blocks mydomain.tld/admin and not the actual and well known link for login in the role of admin.
Can someone help if there is an easy way by edition the index.php in the main folder, for example?
I would do that chance after every future update.
Someone else had the same problem / idea?
Thank you
The topic has been locked.
- htwsaar
- Topic Author
- Offline
- New Member
Less
More
- Posts: 9
- Thank you received: 1
9 years 3 months ago #115173
by htwsaar
Replied by htwsaar on topic Prevent admin login from everywhere
I found a way that fits my requirements.
My solution is made with php. I just need to check the changes after every update.
My solution is made with php. I just need to check the changes after every update.
The topic has been locked.
- holch
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 11758
- Thank you received: 2753
9 years 3 months ago #115179
by holch
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
Replied by holch on topic Prevent admin login from everywhere
Isn't it possible to block the "well known" URL via .htaccess as well?
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
The topic has been locked.
- htwsaar
- Topic Author
- Offline
- New Member
Less
More
- Posts: 9
- Thank you received: 1
9 years 3 months ago #115182
by htwsaar
Replied by htwsaar on topic Prevent admin login from everywhere
While we are just allowed to use a few .htaccess directives this would not be a solution for us.
The topic has been locked.
- sicoda_limesurvey
- Offline
- New Member
Less
More
- Posts: 10
- Thank you received: 1
5 years 6 months ago #173304
by sicoda_limesurvey
Replied by sicoda_limesurvey on topic Prevent admin login from everywhere
HI, this question is 3 years old, but would you give us a hint waht you changed in php ?
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13935
- Thank you received: 2551
5 years 6 months ago #173311
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic Prevent admin login from everywhere
It can not be done in
manual.limesurvey.org/Authentication_plu...elopment#beforeLogin
?
Quick solution : set a limesurvey with 2 domain accessible : one with example.intra , other with example.org
And something like : if ($_SERVER != "example.intra") { throw 401; }
Quick solution : set a limesurvey with 2 domain accessible : one with example.intra , other with example.org
And something like : if ($_SERVER != "example.intra") { throw 401; }
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
- htwsaar
- Topic Author
- Offline
- New Member
Less
More
- Posts: 9
- Thank you received: 1
5 years 6 months ago #173430
by htwsaar
Here is my simple solution:
This works for large ip ranges. By changing the substring you can identify single IPs.
Private unrouted IP ranges would also work (like '192.168').
# Login into admin GUI only for dedicated IP addresses
# in file /application/controllers/admin/authentication.php
$IPRANGE = substr ($_SERVER,0,7);
switch ($IPRANGE) {
case "XXX.XXX":
break;
case "YYY.YYY":
break;
default:
die ('Admins only area!<br />');
Replied by htwsaar on topic Prevent admin login from everywhere
sicoda_limesurvey wrote: HI, this question is 3 years old, but would you give us a hint waht you changed in php ?
Here is my simple solution:
This works for large ip ranges. By changing the substring you can identify single IPs.
Private unrouted IP ranges would also work (like '192.168').
# Login into admin GUI only for dedicated IP addresses
# in file /application/controllers/admin/authentication.php
$IPRANGE = substr ($_SERVER,0,7);
switch ($IPRANGE) {
case "XXX.XXX":
break;
case "YYY.YYY":
break;
default:
die ('Admins only area!<br />');
The topic has been locked.