Require network address

Require network address

by Clint Adair -
Number of replies: 9

Hello fellow Moodle users.

We are trying to use the "Require network address" feature on quizzes and are not able to get it to work.  We want to restrict quiz access to only computers on a certain network.  

I put in a partial address (example: 192.168.1) so that any computers starting in the same range can access the quiz.  However I get the message "This quiz is only accessible from certain locations, and this computer is not on the allowed list." when now opening the quiz. I verified the IP address of the computer and it is in the same range, but gets the mesaage about not being allowed. Tried 3 other computers on the same network and all get the same message.

So then I tried putting in the full exact IP of the computer (example: 192.168.1.100) in the Require Network address field in the quiz options, and still am not able to access the quiz.  Get the "This quiz is only accessible from certain locations, and this computer is not on the allowed list." message each time.

Any help on this would be greatly appreciated. This feature is exactly what we were looking for and I was excited to find it in Moodle, but am stumped as to why it is not working as expected. Using Moodle 2.6.7 (Build: 20150112)

Thanks.

Attachment Screen Shot 2015-11-17 at 12.07.58 PM.png
Attachment Screen Shot 2015-11-17 at 12.08.18 PM.png
Average of ratings: -
In reply to Clint Adair

Re: Require network address

by Mike Verna -

Are you sure you are using the correct IP?

For instance the IP range of the computers on our network are 10.0.#.#, however our internal network is behind a DMZ with the number of 265.344.5.8 ( I know that does not exist only for this example).  

Lets say our Moodle site address is 265.344.5.89.  If I only want the machines behind our DMZ to be able to take the quiz, the number in this case I would put in the Required Network address would be 265.344.5.8, the address of the DMZ above.

If you are not sure use a website like https://www.whatismyip.com/ from a few machines, and see if they pull up the same address, that is the address the world sees that workstation as.


Average of ratings: Useful (1)
In reply to Mike Verna

Re: Require network address

by Clint Adair -

Thanks Mike.

I am trying to restrict based on the LAN not the WAN. There are two distinct networks in the school, 192.168.1.x and 192.168.2.x and I would like to set it up so that only computers connected to 192.168.1.x range could take the quiz. Any computer with an address of 192.168.2.x would not be able to access the quiz.

The description of the "Require Network Address" quiz setting in Moodle stated "Quiz access may be restricted to particular subnets on the LAN" so I was expecting using a LAN address range would achieve that result. Is that not possible? Is it only able to restrict based on the WAN address, or the address the world sees, as you described it?

If I use the WAN IP of the school like you describe, then yes I am still able to access the quiz with computers that have that public address. Which is still a nice feature, but not the one I was looking for, which is restricting by Local Network Address. Hoping that this is still possible and I am just missing something in setting this up.

Thanks so much for your help and clarification.

Average of ratings: -
In reply to Clint Adair

Re: Require network address

by Eoin Campbell -
Picture of Core developers Picture of Particularly helpful Moodlers Picture of Plugin developers

You might need to specify a subnet range such as 192.168.1.0/24 to make it work, cf. https://docs.moodle.org/29/en/Quiz_settings#Extra_restrictions_on_attempts

Average of ratings: Useful (1)
In reply to Eoin Campbell

Re: Require network address

by Clint Adair -

Thanks Eoin, I tried the range as well (example 192.168.1.1/225) but still am getting the error from computers with LAN addresses in that range. 

Average of ratings: -
In reply to Clint Adair

Re: Require network address

by Paul Nicholls -
You're almost there with your network mask - what you're after is 192.168.1.0/24 (which will allow anything within the 192.168.1.* range), as Eoin suggested (your "225" suggests that you're probably thinking of a full network mask - the "/24" is equivalent to a netmask of "255.255.255.0", which is what you're wanting here).  That said, your initial attempt of "192.168.1" should also work - but it does leave Moodle to try to figure out what you meant, rather than giving it explicit instructions.

I suspect that other people who have contributed to this thread may be on the right line, though - your Moodle server does not appear to be seeing the client computers' local IP addresses.  Have you checked the "IP address" column in the Moodle logs to confirm whether it's seeing the 192.168.* addresses or something different?  Depending on your network setup (and where your Moodle site is hosted), each of the two ranges you mentioned (192.168.1.* and 192.168.2.*) might have its own IP address (in a different range) which gets seen by your Moodle server, in which case you can simply use the corresponding address in your quiz settings; if not, you may need to talk to your network admin(s) about whether it's actually possible to identify which of the two ranges a client is connecting to your Moodle server from, based purely on IP address.  It may be that you'll need to find an alternative solution, such as setting a password on the quiz and only giving it to the people who should be sitting the quiz at the time - you could change the password frequently, in an effort to reduce sharing, if that's a concern.
Average of ratings: Useful (1)
In reply to Paul Nicholls

Re: Require network address

by Clint Adair -

Thanks Paul, yes according to the logs the IP addresses that Moodle is seeing are the WAN addresses and yes our Moodle server is hosted offsite so that makes sense. So what I am learning now is that in order to restrict access based on local network, Moodle would have be hosted onsite in the local network. Being able to restrict by both WAN and LAN would be ideal so to keep all quiz access only to those physically at the school and on the testing computers we assign. But that would require Moodle to see both IP addresses. 

We have used the password on the quiz as well, and using the IP address feature was the alternate solution we were looking into. The password setting works great, just requires the frequent changing as you mentioned to provide the security we were looking for.

Thanks again for the help.

Average of ratings: -
In reply to Clint Adair

Re: Require network address

by Tim Hunt -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

Did you click the (?) icon and read what it says? I think you need to type 192.168.1.*

Average of ratings: -
In reply to Tim Hunt

Re: Require network address

by Clint Adair -

Thanks Tim, clicking the (?) says 

Quiz access may be restricted to particular subnets on the LAN or Internet by specifying a comma-separated list of partial or full IP address numbers. This can be useful for an invigilated (proctored) quiz, to ensure that only people in a certain location can access the quiz.

And according to Moodle Docs:

Require network address
There are three types of numbers you can use (you can not use text based domain names like example.com):
  1. Full IP addresses, such as 192.168.10.1 which will match a single computer (or proxy).
  2. Partial addresses, such as 192.168 which will match anything starting with those numbers.
  3. CIDR notation, such as 231.54.211.0/20 which allows you to specify more detailed subnets.
Spaces are ignored.

I tried with the last period, without, also tried the *, and the range 1/255. Even putting in the full IP didn't work for the LAN. So it must have something to do with what address Moodle is seeing like others have suggested. I will look into that.

Average of ratings: -