This is an old revision of the document!
Table of Contents
AbortLogin Plugin
Compatible with DokuWiki
hrun,detritus,"Elenor Of Tsort","Frusterick Manners",Greebo
This extension has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues.
Similar to ipban
Installation
Search and install the plugin using the Extension Manager. Refer to Plugins on how to install plugins manually.
IPv6
There is a version of this plugin which supports IPv6 as well as IPv4. It has its own documentation page abortlogin:ipv6.
Usage
This plugin works entirely through settings in the Configuration Manager. You enter a list of IP addresses which are allowed to login to the wiki. All other IP addresses are blocked from logging in. It is useful only in a restricted environment or where there are relatively few users who are allowed login privileges. A restricted environment would, for instance, be a LAN or an office which has its own domain.
Caution
Ideally the admin should have access to the server with permission to make changes to local.php, where blocked IP's can, if needed, be removed, to prevent the admin's being locked out. See configuration_and_settings for more information about this topic.
Configuration and Settings
Option | Description |
---|---|
allowed | Comma separated list of allowed ip addresses |
test | Comma separated list of ip addresses to test; testing limited to admins only. No testing when empty. |
log | Keep a log of failed login attempts |
enable_test | Enable ip testing and initialize blocking. No blocking or testing when false. |
allowed
: Any IP address included in this list will be allowed access to the login form. If an IP address is not included in this list, access will be denied and a 403 error message will be displayed instead of the login form.test
: IP addresses included in this list will be tested against the allowed list. The results of these tests will be printed to the screen as Dokuwiki notifications when an adminstrator is logged in. To remove these notifications, the list must be removed.log
: If set to true, a log of all rejected IP addresses will be kept in:
data/meta/abortlogin/aborted_ip.log
enable_test
: When checked, the test IPs and most incoming login attempts are tested against the <allowed> list and their status reported. When not checked, login attempts are not blocked. As a practical matter, this gives the admin a chance to set up an initial allowed list without being blocked. Do not forget to turn this to true after initializing your ips. To stop reporting after this is set to true, remove all test IPs from the testing list.
The list of allowed IP addresses need not be complete addresses. For instance, if on your internal LAN, you have multiple users with IPs beginning with 192.168.1, you can include the following in your allowed list: 192.168.1.
. All IPs on your LAN will be able to login. Please note the period after the 1. Without it, IPs with numbers like 192.168.123
could be allowed login privileges. Be sure to test your own IP against the allowed list before logging out the first time, so that you don't accidentally lock yourself out. If that happens, you can disable the plugin by placing an empty file named disabled
in the plugin's directory.
If you choose to log failed login attempts, it's a good practice to delete the log periodically, since thousands of ip addresses can potentially be logged.
Change Log
- updates version (2020-07-05 15:54)
- updates version (2020-07-05 15:15)
- Adds failsafe: placing disabled file in abortlogin directory (2020-07-05 15:12)
- updates langauge string in settings.php (2020-07-04 15:31)
- update version (2020-07-04 14:57)
- minor efficiency fix (2020-07-04 14:32)
- Sets up an allowed pre-check facility (2020-07-04 04:36)
- Update info.txt (2018-07-04 21:07)
- updates info (2017-12-04 14:10)
- Merge pull request #3 from turnermm/strict (2017-12-04 13:59)
- Modified preventing login by barred IP with stolen credentials to fo… (2017-12-03 12:50)
- Prevent login by someone from barred IP who has stolen user credentials. (2017-12-03 06:24)
Discussion
IPV6 Support
Thank you - great plugin
Would be really great if it worked with ipv6 addresses - LG
Now available: abortlogin:ipv6.
User group based restriction
Great plugin! but there should be a way to restrict any one user group to work from a given ip address instead of restricting all users.The use case is that there can be users who are allowed to access from anywhere but there is need to restrict some user groups to work from only our place of work.