Check out the LimeSurvey source code on GitHub!

Blocking admin page from outside networks

More
4 years 4 months ago #86721 by muriloconte
For security matters I need to block the access to admin/ directory from networks outside my company. I know I can block admin/ directory with .htaccess or whatever, but still anyone in the world can have access to the login page with the url "index.php/admin/authentication/login", which is not covered by the .htaccess.

How to REALLY block it and secure the login/admin pages?

Please Log in to join the conversation.

More
4 years 4 months ago #86722 by spacejanitor
I know you could do this with IPtables to make a whitelist of allowed IPs to access your domains. I've used this to control access to an entire server, by modifying it in /etc/apache2/default-config.conf, however I didn't use it control access to an individual directory.

Maybe some more senior Linux gurus can help with this one.

I'm a call centre and market research technology consultant, lead/sample provider, and panel broker.

I'm also the co-founder and former IT Director of Winning Research Ltd. - LimeSurvey helped the company become a multi-million dollar company within just a few years!

Please Log in to join the conversation.

More
4 years 4 months ago #86750 by DenisChenu
order deny,allow
deny from all
allow from 192.168.0.1
There are possibility by referrer (see RewriteCond %{http_referer})

Denis

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand (or search sondages pro).

Please Log in to join the conversation.

Imprint                   Privacy policy         General Terms & Conditions         Revocation information and revocation form