[development] Apache restriction for admin interface...

Ken Rickard agentrickard at gmail.com
Fri Oct 2 14:42:11 UTC 2009


I do have a solution in the works that combines the two approaches. I
have an abstract IP-address checker that can be used to set control
lists based on inbound IP patterns. You could use it in hook_init() to
deny access to /admin.

To give an idea, here a use-case.

-- On user login, if the user name matches user 1, check the IP
control list for 'admin login'.
-- We then regex the IP (127.0.0.100) vs. a list of valid IPs for that
control list.
-- The list can contain full octets or partials, with regex patterns \d and 0-9.
-- So 127.0.0.100 would match the patterns 127.0 or 127.0.0.10\d.
-- On fail, disallow the login.

All the module actually does is return boolean TRUE/FALSE for the
check, and then cache the results for performance. The cache is wiped
when control lists are updated.

The control lists are managed through a UI (though they can also be
defined in a hook and marked as "uneditable" through the UI).

Problem is, the code is unfinished, and needs 20-30 hours of love.  If
anyone is interested in co-maintaining, I can set up a CVS project.

Anyone interested should send me a note off-list.

- Ken Rickard
agentrickard

On Fri, Oct 2, 2009 at 9:19 AM, Jennifer Hodgdon <yahgrp at poplarware.com> wrote:
> Philip Mather wrote:
>>
>> Afternoon,
>>   I'm the paranoid type and so after installing and setting up my lovely
>> new drupal site I decided that, with all due respect, I'd feel much more
>> comfortable restricting access to the /admin section with an apache
>> password
>> prompt. [...]
>
> It looks like your solution is somewhat different from the approach of
> http://drupal.org/project/securesite
>
> Would you consider writing up a page for the Drupal Handbook explaining what
> you did? And maybe mentioning the module above too, and what the differences
> are, and any other modules you found that have similar aims? It could
> possibly go under:
> - Advanced installation http://drupal.org/node/346385
> - Beyond the Basics - How Tos http://drupal.org/handbook/customization/howto
> - Comparisons of contributed modules (if you have several modules to
> compare) http://drupal.org/node/266179
>
> Anyone with a drupal.org account (which anyone can get) can write a book
> page. Just navigate to the parent page and click "Add child page" at the
> bottom.
>
>   --Jennifer
>
> --
> Jennifer Hodgdon * Poplar ProductivityWare
> www.poplarware.com
> Drupal, WordPress, and custom Web programming
>
>



-- 
Ken Rickard
agentrickard at gmail.com
http://ken.therickards.com


More information about the development mailing list