I wrote a little module that allows to disable access to some webfm folders based upon the users IP. We needed this for our institutes website where only students from within the universities IP Range are supposed to be allowed to download from certain folders.

This is partly based upon ipAuthenticator.

For security you must also consider the small patch to webfm.module - for some reason it is possible to bypass invoking the webfm_send-hook. I don't know why, but its likely that it was not intended that this could be done by a url call.

CommentFileSizeAuthor
#7 webfm_ipfolder.tar.gz5.44 KBnhck
webfm_menu_callback.patch597 bytesnhck
webfm_ipfolder.tar.gz3.93 KBnhck

Comments

robmilne’s picture

robmilne commented

Hi Niels,

Thanks for your excellent module. I haven't been actively maintaining WebFM lately due to lack of time and so I greatly appreciate help from people who add improvements. Thanks also for the patch. I write myriad kinds of software so I cannot remember what the purpose of the bypass var was except to provide streaming for the "alternative streaming". Doesn't make much sense to me now either so I will remove.

I can add your module to the 'modules' folder of WebFM but it will be impossible for you to directly maintain without my cvs pw - maintenance via patch submission only. The other option is for you to get a cvs account and create your own project (I can link to it on the WebFM project page). The choice is yours.

-rob

nhck’s picture

nhck commented

It does make some sense if you write a module that uses the webfm_send-hook and you would like to call webfm_send_file from within it to actually stream the file. But in my opinion it shouldn't be possible to bypass the hook directly through the url.

Other than that I am fine with adding the module to the modules-folder of webfm.

nhck’s picture

nhck commented
Status: Needs review » Reviewed & tested by the community

Maybe we can have this ported in a Development snapshot, and provide it here: http://drupal.org/project/webfm to get some feedback.

robmilne’s picture

robmilne commented

Hi Niels,

I hope to get back to some webfm maintenance in the near future if my schedule slows down as I'm expecting. There is a large backlog of issues which will probably take more than a few days to deal with - especially since my php-js skills have atrophied with disuse.

-rob

robmilne’s picture

robmilne commented

Hi Niels,

Would you mind taking the time to add a hook_help function to clarify usage?

-rob

robmilne’s picture

robmilne commented
Status: Reviewed & tested by the community » Fixed

in head

nhck’s picture

nhck commented
Status: Fixed » Patch (to be ported)
StatusFileSize
new webfm_ipfolder.tar.gz5.44 KB

Rob - I have to admit I had forgotten about your request. Sorry..

Some changes I made:

  • Included hook_help
  • Created a German translation
  • Clarified some of the English description & spelling mistakes
robmilne’s picture

robmilne commented

Thanks Niels. I'll update head but I'm actually in the process of giving the module away and may not do another release - time is too limited in one lifetime to do everything. I have to focus on other projects.

Are you are interested in taking the module over?

robmilne’s picture

robmilne commented
Status: Patch (to be ported) » Fixed

In head

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.