This project is not covered by Drupal’s security advisory policy.
There is an open security issue: Security: Bypassing the IP authentication is easy?
Drupal 8 custom Authentication Provider using an IP Consumer White List.
This idea is to enable anonymous user access to Drupal 8 REST Resources using IP addresses as the validation method.
This module enables a UI to add a white list of IP consumers.
The module was generated using Drupal Console.
Usage:
Using the contrib module REST UI (I recommend using the git version, until its first Drupal 8 release), you can enable REST Resources using the Authentication Provider ip_consumer_auth.
Remember to enable the specific permissions for the REST Resource to anonymous user, as you can see in the following image:
If you are interested in creating your own Drupal 8 Authentication Provider, you can read the blog entry How to create an Authentication Provider in Drupal 8.
If you are interested in contributing, please create a PR in GitHub https://github.com/enzolutions/ip_consumer_auth
Attachment | Size |
---|---|
rest_anonymous_permission.png | 36.4 KB |
Project information
- Module categories: Access Control
- 47 sites report using this module
- Created by -enzo- on , updated
- This project is not covered by the security advisory policy.
Use at your own risk! It may have publicly disclosed vulnerabilities.