diff options
| author | Thomas Steur <tsteur@users.noreply.github.com> | 2018-07-09 11:27:02 +0300 |
|---|---|---|
| committer | Stefan Giehl <stefan@piwik.org> | 2018-07-09 11:27:02 +0300 |
| commit | 5eb6b4b469a7a5e08c35518f9abacce8a29dc5da (patch) | |
| tree | dac854d309c6bd8cef2fbe7c85bec3820d9ac2f0 /config | |
| parent | 7ac9ff88240f7c5ddab8eda5bf64bcff98dd4b50 (diff) | |
Allow hostnames to be configured in login whitelist (#13137)
* Allow hostnames to be configured in login whitelist
May be useful in combination with for example DynDNS providers. Or should we rather have a `login.whitelist.hostnames`?
* Add test for resolving hostnames
* document new hostname option for the login whitelist
* updates UI file
Diffstat (limited to 'config')
| -rw-r--r-- | config/global.ini.php | 5 | ||||
| -rw-r--r-- | config/global.php | 16 |
2 files changed, 19 insertions, 2 deletions
diff --git a/config/global.ini.php b/config/global.ini.php index cd457dc792..2de8bf6704 100644 --- a/config/global.ini.php +++ b/config/global.ini.php @@ -394,7 +394,9 @@ login_password_recovery_replyto_email_address = "no-reply@{DOMAIN}" login_password_recovery_replyto_email_name = "No-reply" ; When configured, only users from a configured IP can log into your Matomo. You can define one or multiple -; IPv4, IPv6, and IP ranges. This whitelist also affects API requests unless you disabled it via the setting +; IPv4, IPv6, and IP ranges. You may also define hostnames. However, resolving hostnames in each request +; may slightly slow down your Matomo. +; This whitelist also affects API requests unless you disabled it via the setting ; "login_whitelist_apply_to_reporting_api_requests" below. Note that neither this setting, nor the ; "login_whitelist_apply_to_reporting_api_requests" restricts authenticated tracking requests (tracking requests ; with a "token_auth" URL parameter). @@ -404,6 +406,7 @@ login_password_recovery_replyto_email_name = "No-reply" ; login_whitelist_ip[] = 204.93.177.0/24 ; login_whitelist_ip[] = 199.27.128.0/21 ; login_whitelist_ip[] = 2001:db8::/48 +; login_whitelist_ip[] = matomo.org ; By default, if a whitelisted IP address is specified via "login_whitelist_ip[]", the reporting user interface as ; well as HTTP Reporting API requests will only work for these whitelisted IPs. diff --git a/config/global.php b/config/global.php index 2ace0e3b80..2ed3eb19b9 100644 --- a/config/global.php +++ b/config/global.php @@ -138,7 +138,21 @@ return array( if (!empty($general['login_whitelist_ip']) && is_array($general['login_whitelist_ip'])) { $ips = $general['login_whitelist_ip']; } - return $ips; + + $ipsResolved = array(); + + foreach ($ips as $ip) { + if (filter_var($ip, FILTER_VALIDATE_IP)) { + $ipsResolved[] = $ip; + } else { + $ipFromHost = @gethostbyname($ip); + if (!empty($ipFromHost)) { + $ipsResolved[] = $ipFromHost; + } + } + } + + return $ipsResolved; }, 'Zend_Validate_EmailAddress' => function () { |