Everything is described here: https://wiki.lyrasis.org/display/DSDOC7x/Authentication+Plugins#AuthenticationPlugins-IPAuthentication
In a nutshell – add these settings to local.cfg. The authentication order is important: authentication-ip.MY_UNIVERSITY = 10.1.2.3, \ # Full IP 13.5, \ # Partial IP 11.3.4.5/24, \ # with CIDR 12.7.8.9/255.255.128.0, \ # with netmask 2001:18e8::32 # IPv6 too plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.IPAuthentication plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.PasswordAuthentication Where MY_UNIVERSITY is the group name you can change here. You must create the same group in your repository and then set READ access for the bitstream only to this group. The example IP addresses provided later should be replaced with your own. And that’s basically the entire configuration on the DSpace side. However, it’s also important to check whether the client’s IP address actually reaches DSpace—make sure it’s not the address of a proxy server instead of the direct client. Regards, Mariusz środa, 19 lutego 2025 o 11:53:45 UTC+1 Jayachristrayar S napisał(a): > hello guys, > > I'm also looking for same guidance or documentation on how to restrict > access to DSpace documents. Specifically, I need to: > > - Make bitstream files accessible only via IP-based authentication (so > only users from certain IPs can access them). > - For non-IP users, restrict access and provide a "Request a Copy" > option. > > If you found or anyone has experience setting this up or any documentation > on how to do it, please share. > > Would really appreciate any help! > > On Tuesday, September 3, 2024 at 5:34:19 AM UTC+5:30 Fitchett, Deborah > wrote: > >> When I tested it(*), users didn't need to login - rather, if you access >> the website from a specific IP address/range you're automatically/invisibly >> given access as the associated usergroup and can view/download the >> restricted records and files. >> >> I did notice that the "Login" option in the top menu still appeared >> instead of showing as logged in - but that made sense because the user >> isn't actually 'logged in' per se, only granted access for the moment based >> on current IP address. >> >> Deborah >> (*) In December last year - I can't remember which version of DSpace we >> were on at the time but it was 7.something. >> >> >> >> -----Original Message----- >> From: [email protected] <[email protected]> On Behalf Of >> Nada Abo Eita >> Sent: Monday, September 2, 2024 3:07 AM >> To: DSpace Technical Support <[email protected]> >> Subject: [dspace-tech] IP based authentication step >> >> [You don't often get email from [email protected]. Learn why this is >> important at https://aka.ms/LearnAboutSenderIdentification ] >> >> Caution: This email originated from outside our organisation. Do not >> click links or open attachments unless you recognize the sender and know >> the content is safe. >> >> >> Dear support team, >> >> We have a record where we need to restrict its access to be only on >> campus. I have read that in this scenario we have to enable IP >> Authentication. However, this plugin is based on authentication first to >> assign logged-in user to the group assigned the ip ranges. Is there a way >> to check the ip ranges and grant access without the need for the >> authentication step? >> >> -- >> All messages to this mailing list should adhere to the Code of Conduct: >> https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx >> --- >> You received this message because you are subscribed to the Google Groups >> "DSpace Technical Support" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/dspace-tech/7B39E157-9553-4363-893B-26879FCF117E%40gmail.com. >> >> >> >> ________________________________ >> >> "The contents of this e-mail (including any attachments) may be >> confidential and/or subject to copyright. Any unauthorised use, >> distribution, or copying of the contents is expressly prohibited. If you >> have received this e-mail in error, please advise the sender by return >> e-mail or telephone and then delete this e-mail together with all >> attachments from your system." >> > -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/dspace-tech/8d879134-e197-4ade-a3ac-b13151ed152fn%40googlegroups.com.
