Jump to content

Is it possible to restric access to /admin page to only specific ip address?

ak1001

By ak1001,
in Security

 Share

Recommended Posts

Robin S Hero Member

Robin S

Posted
Posted

You could edit /site/templates/admin.php so that it looks something like this: 

// Get the user's IP address
$ip = $session->getIP();
// Define the allowed IP addresses
$allowed_ips = ['111.111.111.111', '222.222.222.222'];
// Check user's IP is allowed
if(!in_array($ip, $allowed_ips)) {
	return 'Access denied';
}

require($config->paths->adminTemplates . 'controller.php');

 

  • Thanks 2
Link to comment
Share on other sites
  • 2 years later...
howdytom Full Member

howdytom

Posted
Posted

@Robin S Thanks for sharing. Using the code above throws an unknown error when I login into ProcessWire. Is it still valid for ProcessWire 3.0.229? 

Fatal Error: Cannot redeclare _hookSessionRedirectModal() (previously declared in wire/core/admin.php:36) (line 36 of wire/core/admin.php)

 

Link to comment
Share on other sites
Robin S Hero Member

Robin S

Posted
Posted
21 minutes ago, howdytom said:

Using the code above throws an unknown error when I login into ProcessWire. Is it still valid for ProcessWire 3.0.229?

There isn't anything in that code that should cause an error in any version of PW.

Just a guess, but given that the error message originates from /wire/core/admin.php make sure you have edited /site/templates/admin.php and not /wire/core/admin.php by mistake.

  • Like 1
Link to comment
Share on other sites
howdytom Full Member

howdytom

Posted
Posted

Yeah, this is what I had in mind too. I never touched /wire/core/admin.php. I have edited /site/templates/admin.php. When I open the ProcessWire Admin url a Internal Error shows up below the input fields. It is happening with PHP 7 and PHP 8.2

image.thumb.png.f4bae5d5fa284938fff0fba6ccb75f6f.png

 

Link to comment
Share on other sites
Robin S Hero Member

Robin S

Posted
Posted

@howdytom, I think I see where the confusion comes in. In more recent PW versions the require() line in /site/templates/admin.php is... 

require($config->paths->core . "admin.php");

...whereas in earlier versions it is... 

require($config->paths->adminTemplates . 'controller.php');

These both end up doing the same thing so you should only have one require() in the file.

The functional part of my code is this bit: 

// Get the user's IP address
$ip = $session->getIP();
// Define the allowed IP addresses
$allowed_ips = ['111.111.111.111', '222.222.222.222'];
// Check user's IP is allowed
if(!in_array($ip, $allowed_ips)) {
	return 'Access denied';
}

I only include the require() line to indicate that my code needs to be inserted above the existing contents of /site/templates/admin.php

  • Thanks 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...