The IP address is not effective
| Project: | Restrict Login Access by IP Address |
| Version: | 5.x-1.0-beta4 |
| Component: | Miscellaneous |
| Category: | bug report |
| Priority: | normal |
| Assigned: | peligrorice |
| Status: | needs review |
Jump to:
Hi There,
I
Thanks for this grate module, I have installed and tried to setup an IP address for one user as a test and it seams whatever I put there, it will allow the user to log in. Looks like the module doesn't apply any restrictions.
I have checked the Db and I can see that the IP has been stored in DB, but when I want to login, it doesn't check to see if user comes from that IP or not.
I have installs the beta-4 under dp5.7. I have tested with my local machine and also on an external server, both the same result. I have tried beta-3 and same issue again. Is there any other specific setting I should follow? I just setup the redirect page and then for one user I just set the IP address, that's all I did.
Any help would be appreciated,
Cheers,
#1
I found why this is happening, I have used a module called "Login Destination" and looks like these two module don't work with each other. If "Login Destination" is enabled, then "Restrict Logging Access by IP" is not effective anymore.
Any solution to fix that?
Thanks
#2
The module works by re-directing the user to a url that the module "watches" if they aren't allowed to login from their current IP Address. If the user is sent to this url then they are logged out and should be sent to the correct error page. (This is why it doesn't work with login destination, this module re-directs the user as well)
I believe there is a better way to do this, i.e. before the user actually logs in, but from what I can remember when I created the module, the API wouldn't allow me to fetch the correct info until the user was logged in. I would have to dig around a bit more to flesh this out. If you look into this and find anything useful please post what you find.
#3
#4
Let me make sure I understand how this module works:
1. User goes to site.
2. Logs in.
3. IP is checked versus allowed IP list.
4a. If there's a match, the user redirects back to the user page.
4b. Else, user is logged out and redirected to an error page.
So, in other words, the module doesn't really restrict login -- it just automatically logs you out if you're not browsing from the right place.
Sort of like letting you in, then kicking you out if you don't have a ticket.
I need to understand this, because if that's how it works, my client probably won't regard it as an acceptable solution. They want to simply be able to block people from even being able to see the login page if they don't have the right IP.