Apigee Developer Portal - Admin URLs - Access Restriction - Internal IPs ?

'/admin' URLs must only be accessible from the internal subnet - not the public internet. How can I implement the same on Apigee Developer Portal?

ACCEPTED SOLUTION

Programmatically, you could do this as follows in a custom module, implementing hook_init().

function mymodule_init() {
  if (arg(0) == 'admin') {
    $ip = $_SERVER['REMOTE_ADDR'];
    // Allow access from 192.168.1.0/24 or from localhost,
    // exclude everything else.
    if (substr($ip, 0, 10) != '192.168.1.'
        && substr($ip, 0, 4) != '127.'
        && $ip != '::1'
    ) {
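      drupal_access_denied();
      // drupal_access_denied() only renders the 403 page; stop the request
      // here so the admin page is not processed afterwards.
      drupal_exit();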
    }
  }
}
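
Added example (not part of the original thread or the poster's code): the same hook_init() check with real CIDR matching instead of string prefixes, so ranges that do not end on an octet boundary and IPv6 ranges can be listed. It assumes Drupal 7, as the answer's arg() and drupal_access_denied() calls do; mymodule_ip_in_cidr() and the mymodule_admin_cidrs variable are hypothetical names.

```php
<?php
// Hypothetical helper: TRUE if $ip is inside $cidr (IPv4 or IPv6).
function mymodule_ip_in_cidr($ip, $cidr) {
  $parts = explode('/', $cidr, 2);
  $addr = @inet_pton($ip);
  $net = @inet_pton($parts[0]);
  // Fail closed on unparsable input or an IPv4/IPv6 family mismatch.
  if ($addr === FALSE || $net === FALSE || strlen($addr) !== strlen($net)) {
    return FALSE;
  }
  $max = strlen($net) * 8;
  // A missing prefix length means a single host; a non-numeric one is rejected.
  $bits = isset($parts[1]) ? $parts[1] : (string) $max;
  if (!ctype_digit($bits) || (int) $bits > $max) {
    return FALSE;
  }
  // Compare the whole bytes of the prefix, then any leftover high bits.
  $bytes = (int) $bits >> 3;
  $rest = (int) $bits & 7;
  if (substr($addr, 0, $bytes) !== substr($net, 0, $bytes)) {
    return FALSE;
  }
  if ($rest === 0) {
    return TRUE;
  }
  $mask = (0xFF << (8 - $rest)) & 0xFF;
  return (ord($addr[$bytes]) & $mask) === (ord($net[$bytes]) & $mask);
}

/**
 * Implements hook_init().
 */
function mymodule_init() {
  // arg(0) reads the internal path, so /admin and /index.php?q=admin both match.
  if (arg(0) != 'admin') {
    return;
  }
  // Constructed defaults; 'mymodule_admin_cidrs' is a hypothetical variable.
  $allowed = variable_get('mymodule_admin_cidrs', array('192.168.1.0/24', '127.0.0.0/8', '::1/128'));
  // ip_address() is REMOTE_ADDR unless Drupal's reverse_proxy settings apply.
  $ip = ip_address();
  foreach ($allowed as $cidr) {
    if (mymodule_ip_in_cidr($ip, $cidr)) {
      return;
    }
  }
  drupal_access_denied();
  drupal_exit();
}
```

If the portal sits behind a load balancer, REMOTE_ADDR is the balancer's address, so the allow list only sees real clients once Drupal's reverse_proxy and reverse_proxy_addresses settings are configured.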

5 REPLIES

One of the ways is to block access to admin pages in your server-level configuration.

If the web server is Apache, add the following to httpd.conf:

<Location /admin/>
    Order Allow,Deny
    Allow from 192.168.1.0/24
</Location>


nginx:

location /admin/ { 
  # allow anyone in 192.168.1.0/24
  allow 192.168.1.0/24;
  # drop rest of the world
  deny all;
}

This will allow access to admin pages from IP addresses within the 192.168.1.0/24 subnet.

Be aware that /index.php?q=admin is also a valid path, and is an alias to /admin. Your Apache or nginx configuration will need to be more complex than the above in order to block this pattern.

Out of curiosity, is there a way to do this directly in Drupal? Provide an ip range and/or specific IP addresses and restrict all admin access to requests from those IPs?

Yes, that's possible. We just need to change the access callback for admin pages, and inside the access callback we will need a way to get all IPs for a subnet and, depending on it, return true or false. In fact, this will also make sure of the access check for non-clean URLs.
