[contribteam] [Bug 10768] NFR: block|allow panels by country

[bugzilla-daemon--- via contribteam]

https://bugs.contribs.org/show_bug.cgi?id=10768

Jean-Philippe Pialasse <te...@pialasse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CONFIRMED                   |IN_PROGRESS

--- Comment #1 from Jean-Philippe Pialasse <te...@pialasse.com> ---
one step is a simple httpd-admin ValidFromGeoIP 
will add access to listed countries to managers and all
  ressources using the usual list from httpd-admin Validfrom (local ibays,
contribs...)


works great, but beware all those resources will be accessible from the whole
Country
as if you would have  added all its ISP IP blocks as authorized in ValidFrom

still a bit more secure than adding 0.0.0./0.0.0.0 but ... you known vpn and
proxies exists....

done and submited

/usr/bin/plague-client build smeserver-mod_maxminddb
smeserver-mod_maxminddb-1_1_0-11_el7_sme contribs10
Package smeserver-mod_maxminddb enqueued.  Job ID: 3115.

%changelog
* Fri Apr 02 2021 Jean-Philippe Pialasse <te...@pialasse.com> 1.1.0-11.sme
- add option to allow countries to external access to manager [SME: 10768]
  ValidFromGeoIP will add access to listed countries to managers and all
  ressources using the usual list from httpd-admin Validfrom (local ibays,
contribs...)


next steps will be to add

1- by ibay filtering
2- by location / domain|ALL in Virtualhost

example 1
/etc/e-smith/templates/etc/httpd/conf/httpd.conf/91GeoipAccess40ibays

  <Directory /home/e-smith/files/ibays/test/html>
    <IfModule mod_maxminddb.c>
        order allow,deny
        allow from all        
        MaxMindDBEnable On
        MaxMindDBFile DB /usr/local/share/GeoIP/GeoLite2-Country.mmdb
        MaxMindDBEnv MM_COUNTRY_CODE DB/country/iso_code
        SetEnvIf MM_COUNTRY_CODE ^(RU|DE|FR) BlockCountrytest
        Deny from env=BlockCountrytest
    </IfModule>
</Directory>


example 2 : override access to user-password for whole canada; refuse FR| DE
even if ip has been defined earlier
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts/29Geoip2ManagerProxyPass

    <Location /user-password>

      <IfModule mod_maxminddb.c>
        order deny,allow
        deny from all
        MaxMindDBEnable On
        SetEnvIf MM_COUNTRY_CODE ^(CA) AllowCountryUserPassword
        SetEnvIf MM_COUNTRY_CODE ^(FR|DE) DenyCountryUserPassword
        deny from env=DenyCountryUserPassword
        allow from env=AllowCountryUserPassword
      </IfModule>
    </Location>

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
_______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/