Learn about DokuWiki
Learn about DokuWiki
This plugin supports both IPv6 and IPv4.
This plugin works entirely through settings in the Configuration Manager. You enter a list of IP addresses which are allowed to login to the wiki. All other IP addresses are blocked from logging in. It is useful only in a restricted environment or where there are relatively few users who are allowed login privileges. A restricted environment would, for instance, be a LAN or an office which has its own domain.
Ideally the admin should have access to the server with permission to make changes to local.php, where blocked IP's can, if needed, be removed, to prevent the admin's being locked out. But see initializing for more information about this topic.
Please report back if there are problems, either to the forum or the abortlogin issues on github
|Comma separated list of allowed ip addresses|
|Comma separated list of ip addresses to test; testing limited to admins only|
|Keep a log of failed login attempts||false|
|Enable ip testing. When checked, the test IPs incoming login attempts are tested against the ||false|
allowed: Any IP address included in this list will be allowed access to the login form. If an IP address is not included in this list, access will be denied and a 403 error message will be displayed instead of the login form.
test: IP addresses included in this list will be tested against the
allowedlist. The results of these tests will be printed to the screen as Dokuwiki notifications when an adminstrator is logged in and
enable_testhas been set to true. To remove these notifications, the list must be removed or
enable_testmust re- set to false.
log: If set to true, a log of all rejected IP addresses will be kept in:
data/meta/abortlogin/aborted_ip.logIf you choose to log failed login attempts, it's a good practice to delete the log periodically, since thousands of ip addresses can potentially be logged.
enable_test: This has two functions:
In the case of IPv4 addresses, allowed IP addresses need not be complete addresses. For instance, if on your internal LAN, you have multiple users with IPs beginning with 192.168.1, you can include
192.168.1. in your allowed list. In the case of IPv6 addresses you can include a CIDR modified address for your local network. For instance: CIDR range:
fe80::19c9:eb59:c1c7:fbcc/64. All IPs on your LAN will then be able to login.
Please note the period after the 1. If the address is on the open Internet, without it, IPs with numbers matching
192.168.<n>.<n> could be allowed login privileges.
Using CIDR notation should give you the same protection as noted above for IPv4.
Be sure to test your own IP against the allowed list before logging out the first time, as described initializing in so that you don't accidentally lock yourself out.
Abortlogin provides a technique for initializing and testing the administrator's IP address. The following three conditions must be met:
testlist must be left empty
enable_testmust be set to true
When the administrator logs in, a notification will be printed to the screen indicating whether or not the IP entered for the administrator is correct. The administrator will not be locked out if the administrator's IP, as set in the
allowed list, is incorrect.
!! Important !!
After the admin's IP has been correctly set,
enable_test must be turned off and turned on only when some test IPs have been placed in the test list. Otherwise, anyone coming to the wiki will have access to the login screen. After the initialization, this feature does not have to be turned back on to test IPs. You can do that using the ip validation plugin which is bundled with
Abortlogin comes with an administration plugin which you can access from the Additional Plugins section of the Administration page. Once you have done your initialization, you can use the “Abortlogin IP Validation” plugin for all of your testing. You must still, however, place all of your approved IPs in the
allowed IPs of the Configuration Manager.