@mattab opened this Issue on January 26th 2014 Owner

For added security, it would be useful to be able to only allow particular users to login from white listed IP addresses.

  • "Restrict login to Piwik only from these IP addresses" would be a global setting that would restrict all logins to a particular IP address.
  • "Restrict a particular username to login from these IP addresses" would be a setting, per user, optional, that would restrict login by this username.
    • UI: maybe we could extend the 'User Settings' mechanism , to also let Super User edit settings for other users.

Notes:

  • When a user goes to the login form, or tries to login, and the IP is not whitelisted, display a message "Access to this Piwik server is restricted. Please contact the admin to ask them to white list your IP address. more"
    • Learn more link goes to a FAQ on Piwik.org, explaining the WhiteList feature, and also explaining "How do I disable IP whitelisting?"
    • This would help a Super User deactivate the IP white listing feature, if he is locked out.
  • UI: Ips will accept ranges, similarly to the "Ips to exclude" in the Websites settings.
@hpvd commented on January 27th 2014

great idea!

Maybe we should think of a mechanism to prevent that e.g. non advanced users could lock their-selves or more worse all users for ever from their piwik installation....

this could happen

  • if they do not have a static IP (are not aware of this and put this in the restriction rule) and the next day dialling in they got a new IP-address from their provider
  • they put in the IP from somewhere where they now could not get access any-more (ex-girl, ex-employer...)
@mattab commented on November 30th 2017 Owner
@robertharm commented on December 6th 2017

Thanks for adding this useful feature. As I maintain a site where anonynmous access to dashboard is allowed, login is restricted for specific users only, it would be great if this feature could be enhanced to restrict the display of the login form only - currently this has to be done via vhost-config, which isnt the most usable way:

<LocationMatch /piwik/.*Login.*>
Order deny, allow
Allow from .....
</LocationMatch>
@robertharm commented on December 11th 2017

@mattab just discovered that if login_whitelist_ip is set, WordPress backend cannot be accessed if Piwik plugin is active & features from "show statistics" tab are enabled. If you disable e.g. "Dashboard graph:", you can access the backend, the Piwik plugin settings page is still unaccessible if you have not whitelisted the IP too.

So in my opinion securing the login form only would be a better solution as this would not break the Piwik WordPress plugin for other users not whitelisted.

@mattab commented on December 12th 2017 Owner

@robertharm Thanks for the feedback. Could you please create a new issue to note your various suggestions? as we'd like to follow up but this issue is closed. thanks

This Issue was closed on November 30th 2017
Powered by GitHub Issue Mirror