Authentication: Authentication by IP

auth_ip
Maintained by Picture of Jordi Pujol-Ahulló Jordi Pujol-Ahulló, Picture of Robert Boloc Robert Boloc
This authentication plugin helps to manage manual accounts being accessed only by the list of restricted IPs.
51 sites
63 downloads
3 fans
Moodle 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2

Authentication plugin restricted by IP

This authentication plugin helps to manage manual accounts being accessed only by the list of restricted IPs.

New feature: Version 1.3 has a new feature to take the IP behing load balancers and proxies.

Installation

Install it as usual:

  • Download it (via zip or git) into MOODLE/auth/ip
  • Log in into Moodle
  • Go to "Notifications"
  • Set up the list of IPs enabled to access to your Moodle.
  • Save changes.
  • Go to Administration->Plugins->Authentication->Manage plugins
  • Enable plugin "Authentication by IP".

Usage

Setting this authentication type to a user:

  • Go to a user profile.
  • Set the authentication type "Authentication by IP"

Updating the list of restricted IPs:

  • Go to Administration->Plugins->Authentication->Manage plugins
  • Update the list of IPs

NOTE: After updating the list of IPs, an email will be sent to the administrator email, just for security.

License

It is released as GPL v3.

Authors:

Copyright 2013 onwards Servei de Recursos Educatius (http://www.sre.urv.cat)

Screenshots

Screenshot #0
Screenshot #1
Screenshot #2
Screenshot #3
Screenshot #4
Screenshot #5
Screenshot #6
Screenshot #7
Screenshot #8
Screenshot #9

Contributors

Picture of Jordi Pujol-Ahulló
Jordi Pujol-Ahulló (Lead maintainer)
Please login to view contributors details and/or to contact them

Comments RSS

Show comments
  • Picture of Jordi Pujol-Ahulló
    Tue, 3 Dec 2013, 7:04 PM
    Yes. I point it out. I'll check it asap. Thank you very much!!!
  • Picture of Jordi Pujol-Ahulló
    Wed, 4 Dec 2013, 6:36 AM
    Checked and it works ok on M2.6+
  • Picture of Praj Basnet
    Wed, 22 Jul 2015, 8:01 AM
    Can you restrict an ip address by ip range e.g. using CIDR notation like 192.168.1.1/24 ?
  • Picture of Jordi Pujol-Ahulló
    Wed, 22 Jul 2015, 5:01 PM
    Hi, No. It does not support subnetting. You can contribute with this via a pull request on the github repo, if you're so kind.
  • Picture of Jordi Pujol-Ahulló
    Thu, 18 Feb 2016, 7:09 PM
    +Robert Boloc added support for subnetting. In addition, it also works on M3.0.*
  • Picture of Leslie Foster
    Thu, 28 Jul 2016, 5:24 PM
    I have a question if I may?

    If I want to have it such that users can login using a password, but only if they are on a certain IP address, then this plugin can do that? i.e. the password authentication and the IP authentication can be stacked?

    Thanks

    Les
  • Picture of Rafael Franco
    Tue, 31 Jan 2017, 1:34 AM
    When I use it it blocks access for the user, even from the ips in the allowed list
  • Picture of Jordi Pujol-Ahulló
    Tue, 31 Jan 2017, 2:52 PM
    Hi Rafael!

    Check the Moodle logs and extract the IP your user is logging in. It can be something related to the infrastructure that (internal IP, NATs) that prevent arriving the IP you are expecting into Moodle. It the IP is one of you are defining in the plugin settings (or in the IP range), please, come back again with more detail, so that we can manage to see what is happening.

    It would be better if you report it into the github.

    Jordi
  • Picture of Jordi Pujol-Ahulló
    Tue, 31 Jan 2017, 2:53 PM
    Hi Leslie,

    Actually, this plugin is just for what you are asking for: it's like a manual authentication including the restriction of logging in from a given IP or IP range.

    Sorry for the late answer,

    Jordi
  • Picture of Rafael Franco
    Wed, 8 Feb 2017, 4:18 AM
    This is from my last conversation with Jordi:

    What I can check from our plugin at https://github.com/SREd-URV/moodle-auth_ip/blob/master/auth.php is that if you state fixed IPs (not ranges), the only problem that may arise is that the REMOTE_ADDR processed in the server side does not match, somehow, to the expected IPs. Could you login as admin from one of those IPs and check the PHP information from the server, and report here the line related to the REMOTE_ADDR. Please, add the confirmation that the shown IP is the corresponding, expected IP.
  • Picture of Rafael Franco
    Wed, 8 Feb 2017, 4:21 AM
    after login as admin from the specified IP and checking the PHP info the REMOTE_ADDR is different from the IP address I listed as allowed. Does this mean that I need to express the IP address as a range instead of a fixed IP?
  • Picture of Jordi Pujol-Ahulló
    Thu, 9 Feb 2017, 3:16 AM
    Thanks Rafael for reporting this issue and also a PR in the github repository. It is already on the master branch and available to the community.
  • Picture of Jordi Pujol-Ahulló
    Thu, 9 Feb 2017, 3:25 AM
    Thanks to Rafael, we have available the version 1.3 with that new feature.
  • Picture of Dagwin Roelants
    Mon, 13 Feb 2017, 10:38 PM
    Hi,
    I'm looking for a plugin that allows guest access if coming from a certain IP and blocks all other guests.
    Is this possible with this plugin?
  • Picture of Jordi Pujol-Ahulló
    Mon, 13 Feb 2017, 11:25 PM
    Hi!

    This plugin inherits the behaviour of a "manual" auth plugin, and adding a restriction of the list of allowed IPs.

    Consider that "guest" access is something related to the enrolment of a user into a cours (enrol/guest). It is not related to the authentication access. I do not know if there is any other enrolment plugin restricting IP access. I can suggest you to ask it into the tracker as an additional feature form the enrol/guest plugin. Another option is to implement your own enrolment plugin (enrol/ip?) inheriting all from enrol/guest and adding the restriction for the allowed IPs.

    There may be another option: set up a course with a guest access, and then restrict all elements be accessible to a given value on a user profile item. I didn't make it so take it as a suggestion.

    Regards,

    Jordi
1 2
Please login to post comments