Feature request: apply IP restrictions to login form only #12352

Closed
seyfro opened this issue Dec 12, 2017 · 7 comments
Labels
answered For when a question was asked and we referred to forum or answered it.

Comments

@seyfro

seyfro commented Dec 12, 2017

Follow-up ticket to comments at #4577 (comment)

With Piwik v3.2.1 IP restrictions for viewing dashboards were introduced (https://piwik.org/faq/how-to/faq_25543/)

An unwanted side effect of this feature is that e.g. the Piwik plugin for WordPress is broken, resulting in an inaccessible backend for all users who have the permission to "show statistics" and "Dashboard graph".

I guess it would be best to add a new option which allows restricting access to the login form only, as this would not break the Piwik WordPress plugin for other (WordPress) users whose IP is not whitelisted.

@MaximeCulea

MaximeCulea commented Oct 29, 2020

Hello there, this is definitely a must-have feature for multiple purposes:

  • security, by adding a layer of authorization on the login form, which is pretty handy in case of brute force.
  • before even allowing any registered user, it filters people by where they connect from. In big companies, such as those I work with, they all connect from a VPN, firewall, etc., which is mandatory to use an application.

This could be done in two ways:

  • for self-hosting, an htaccess config documented in a FAQ.
  • for other instances, a global configuration where we edit an IP list. Of course, a check could be done on the current IP to prevent any self lockdown.

@sgiehl
Member

sgiehl commented Oct 29, 2020

@MaximeCulea
Regarding .htaccess restriction there are some notes in this FAQ: https://matomo.org/docs/security-how-to/#other-tips
To restrict the login for certain IPs you can use the config: https://matomo.org/faq/how-to/faq_25543/

@MaximeCulea

@sgiehl awesome, that's what I was talking about. Thank you!
Badly, the internal search tool and Google search did not allow me to find this documentation :/

Anyway, I have like 32 IPs to add, is there a way to add some comments into the config.ini.php to arrange them?

@sgiehl
Member

sgiehl commented Oct 29, 2020

> Anyway, I have like 32 IPs to add, is there a way to add some comments into the config.ini.php to arrange them?

Sure. You can start comments using ;
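
An added example, not part of the thread or of Matomo's own code: a pre-deployment check that reads the active `login_whitelist_ip[]` lines from a `config.ini.php` fragment, skips `;` comment lines, and reports whether a given admin address would be locked out. The function names, the sample config (including the `[General]` placement) and the addresses are constructed; only plain addresses and CIDR ranges are evaluated, and any other entry is reported as rejected rather than matched.

```python
import ipaddress
import re

# Constructed sample fragment; addresses come from documentation ranges.
SAMPLE_CONFIG = """\
[General]
; --- office VPN egress ---
login_whitelist_ip[] = 192.0.2.10
login_whitelist_ip[] = 198.51.100.0/24
; --- contractor, disabled for now ---
; login_whitelist_ip[] = 203.0.113.7
; --- IPv6 site ---
login_whitelist_ip[] = "2001:db8:1::/48"
; --- typo that should be caught before deploying ---
login_whitelist_ip[] = 10.0.0.300
"""

ENTRY = re.compile(r'^\s*login_whitelist_ip\[\]\s*=\s*(.*)$')


def parse_allowlist(text):
    """Return (networks, rejected) for every active login_whitelist_ip[] line."""
    networks, rejected = [], []
    for line in text.splitlines():
        if line.lstrip().startswith(";"):   # whole-line comment, entry inactive
            continue
        match = ENTRY.match(line)
        if not match:
            continue
        value = match.group(1).strip().strip('"')
        try:
            # strict=False accepts a host address written with a prefix length
            networks.append(ipaddress.ip_network(value, strict=False))
        except ValueError:
            rejected.append(value)          # not a plain address or CIDR range
    return networks, rejected


def would_lock_out(text, admin_ip):
    """True if an allowlist is active and admin_ip is not covered by it."""
    networks, _ = parse_allowlist(text)
    addr = ipaddress.ip_address(admin_ip)
    return bool(networks) and not any(addr in net for net in networks)


if __name__ == "__main__":
    nets, bad = parse_allowlist(SAMPLE_CONFIG)
    print("active entries:", [str(n) for n in nets])
    print("rejected entries:", bad)
    print("203.0.113.7 locked out:", would_lock_out(SAMPLE_CONFIG, "203.0.113.7"))
```
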

@MaximeCulea

Many thanks!! @sgiehl
Hope I didn't carjack the issue of @robertharm :)

@seyfro
Author

seyfro commented Oct 29, 2020

ok for me @MaximeCulea ;-)
Thanks for the update - did not know that login_whitelist_ip[] exists - so the issue could actually be closed IMO

@tsteur
Member

tsteur commented Oct 29, 2020

Thanks @robertharm

@tsteur tsteur closed this as completed Oct 29, 2020
@tsteur tsteur added the answered For when a question was asked and we referred to forum or answered it. label Oct 29, 2020

4 participants