Hi, May be it's not the best solution, but it's a solution.
You can add the following somewhere in your httpd.conf config file. In this case only authorised adress can acces to dl and the admin page. ServerName "DL_NAME_SERVER" RewriteEngine On RewriteLog /your_path/your_log_file RewriteLogLevel 5 ################## # Exemple : Authorised adress to acces to dl admin.php page RewriteCond %{REMOTE_ADDR} !^192\.168\. RewriteCond %{REMOTE_ADDR} !^10\.1\. RewriteCond %{REMOTE_ADDR} !^10\.2\. RewriteCond %{REMOTE_ADDR} !^10\.3\. RewriteCond %{REQUEST_URI} /dl/admin.php RewriteRule .* /htdocs/forbidden.html -----Message d'origine----- De : Yuri D'Elia [mailto:wav...@thregr.org] Envoyé : lundi 25 octobre 2010 17:49 À : Download Ticket Service Objet : Re: [dl-ticket-service] Feature Request: Permitted IP's On Tue, 19 Oct 2010 21:49:53 +0200 ssc <s...@gmx.biz> wrote: > Hi, > > I'm not really happy, that everyone is able to access the administration > of DL. What about permitted IP's? It shouldn't be a big problem to > implement IP restrictions and this would make DL much more secure. > > Sure, you can enforce IP restrictions with the Webserver. Maybe a > htaccess would make more sense than a solution with DL, but it would be > more comfortable to set those restrictions with the WebGUI. > > What do you think? It only makes sense if you want to restrict the IP address for a specific administrator, and let others without restrictions. Otherwise the standard .htaccess/webserver config is the way to go (and less prone to potential errors). Note that we separated admin.php from index exactly for that purpose. I like the idea, but there are more important features that are required IMHO: - improve the ticket listing (maybe with a table?, pagination?) - edit existing tickets/grants __________________________ Ce message (et toutes ses pièces jointes éventuelles) est confidentiel et établi à l'intention exclusive de ses destinataires. Toute utilisation de ce message non conforme à sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. IFP Energies nouvelles décline toute responsabilité au titre de ce message. This message and any attachments (the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. IFP Energies nouvelles should not be liable for this message. L'IFP change de nom et devient IFP Energies nouvelles. Son adresse de messagerie change aussi : prenom....@ifpenergiesnouvelles.fr IFP is changing its name to IFP Energies nouvelles. Its email address is changing too: firstname.lastn...@ifpenergiesnouvelles.fr Visitez notre site Web / Visit our web site : www.ifpenergiesnouvelles.fr __________________________