How to put an IP address based limit to authentication of users?
Ahmet Altinisik

I would like to put some IP restrictions on login so some users can only connect from their designated workstations. How can I achieve this?

AFAIK there is no such control mechanism in openERP. Can I achieve this by moving authentication to another entity like LDAP or OpenID?

Regards,

1 Answer
Geoff Galik
Best Answer
Still Can't Post Hyperlinks (*grrrrrrr). Please edit as per inline pseudocode.

Your machine's firewall(s) is where policies are enforced concerning the handling of network packets, including connection-specific access restrictions for IP ranges. Setting rules like allowing/denying service based on the source's IP address is, in fact, the purpose of a firewall.

If you're running a Linux-based system you can configure the kernel's firewall with iptables.

[href="help.ubuntu.com/community/Iptables"]HowToUbuntu's guide on iptables.[/href] Even though it's from Ubuntu, this guide should be relevant to any Linux system.

[href="serverfault.com/questions/30026/whitelist-allowed-ips-in-out-using-iptables"]Advice specific to allowing IPs[/href]

[href="serverfault.com/questions/248384/allow-iptables-to-allow-ip-range-only-on-specifc-port"]Advice specific to allowing IP ranges for specific ports.[/href]

[href="wiki.debian.org/iptables"]Debian's guide on iptables[/href]. Also includes links for a few less technical tools.

If you are running a *nix system, you may also be able to accomplish what you're trying to do by adding entries in the 'hosts.allow' and 'hosts.deny' files respectively (if OpenERP supports it); I would still recommend using your firewall (see [href="https://bbs.archlinux.org/viewtopic.php?id=77481"]this link[/href]).

7 Comments
Ahmet Altinisik

I want to add IP restrictions on login so some users can only connect from their designated workstations. So if I put restrictions at the firewall level, no one will be able to log in from that machine.

Geoff Galik

What OS are you running?

Ahmet Altinisik

Ubuntu 12.04

Geoff Galik

sudo apt-get install firestarter && sudo firestarter, then go through wizard. After wizard is done, go to 'Policy' tab and create new.

Ahmet Altinisik

Geoff, a firewall cannot solve my problem. I want to limit connections based on users and IP.

Geoff Galik

Set up a reverse proxy. It'll require two levels of authentication but Nginx or Apache should do it: http://serverfault.com/questions/311710/how-to-act-differently-according-to-the-ip-address-with-nginx

Geoff Galik

http://stackoverflow.com/questions/3828971/apache-authentification-letting-users-from-x-ip-address-in-without-required-pa
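
The restriction asked about in this thread (a given login may authenticate only from its designated workstations) needs a check made where both the login name and the client address are visible, which a packet firewall is not. The sketch below is an added example, not OpenERP code and not from either poster; the policy table, logins, addresses and function names are all constructed for illustration, and it assumes a single reverse proxy on the same host.

```python
import ipaddress

# Constructed policy: login -> networks that login may authenticate from.
# Logins missing from the table are unrestricted (an assumption; set
# DEFAULT_ALLOW to False to fail closed instead).
POLICY = {
    "cashier1": ["192.168.10.21/32"],
    "accountant": ["192.168.10.30/32", "192.168.20.0/28"],
}
DEFAULT_ALLOW = True
TRUSTED_PROXIES = ["127.0.0.1/32"]  # constructed: the local reverse proxy


def _in_any(addr, cidrs):
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def _parse(text):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(text.strip())
    return getattr(addr, "ipv4_mapped", None) or addr


def client_address(peer, x_forwarded_for=None):
    """Return the address to authorize against.

    X-Forwarded-For is client-controlled, so it is honoured only when the
    TCP peer is a trusted proxy, and then only its right-most entry (the
    one the proxy itself appended).
    """
    addr = _parse(peer)
    if x_forwarded_for and _in_any(addr, TRUSTED_PROXIES):
        addr = _parse(x_forwarded_for.split(",")[-1])
    return addr


def login_allowed(login, peer, x_forwarded_for=None):
    """True if `login` may authenticate from this connection."""
    try:
        addr = client_address(peer, x_forwarded_for)
    except ValueError:
        return False  # unparsable address: fail closed
    allowed = POLICY.get(login)
    if allowed is None:
        return DEFAULT_ALLOW
    return _in_any(addr, allowed)
```

Once a reverse proxy sits in front of the application, every connection arrives from the proxy's address, so the check has to use the forwarded client address and must ignore that header on connections that did not come through the proxy.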