Login plugin - block all IPs except one

Plugins & Platform
1

Hello all,

I’m attempting to disable login entirely except from a specific IP.

Under the Always Block & Never Block sections it says the following:

Enter one IP address or one IP range per line. You can use CIDR notation e.g: 1.2.3.4/24 or you can use wildcards, e.g: 1.2.3.* or 1.2.. If an IP is on both the list of IPs to block and never block, it is blocked.

Unfortunately “If an IP is on both the list of IPs to block and never block, it is blocked.” is the opposite of what would work for this case.

Is there a different way to achieve this?
Could it be possible to update the plugin and have an added setting that would allow to choose the desired behavior (i.e. if in both lists always/never block)?

Thanks for your help.

2

For those with a similar issue, here’s to allow only specific IPs to log in.

From file config/global.ini.php:

; When configured, only users from a configured IP can log into your Matomo. You can define one or multiple
; IPv4, IPv6, and IP ranges. You may also define hostnames. However, resolving hostnames in each request
; may slightly slow down your Matomo.
; This allowlist also affects API requests unless you disabled it via the setting
; "login_allowlist_apply_to_reporting_api_requests" below. Note that neither this setting, nor the
; "login_allowlist_apply_to_reporting_api_requests" restricts authenticated tracking requests (tracking requests
; with a "token_auth" URL parameter).

; Examples:
; login_allowlist_ip[] = 204.93.240.*
; login_allowlist_ip[] = 204.93.177.0/24
; login_allowlist_ip[] = 199.27.128.0/21
; login_allowlist_ip[] = 2001:db8::/48
; login_allowlist_ip[] = matomo.org

; By default, if an allowlisted IP address is specified via "login_allowlist_ip[]", the reporting user interface as
; well as HTTP Reporting API requests will only work for these allowlisted IPs.
; Set this setting to "0" to allow HTTP Reporting API requests from any IP address.
login_allowlist_apply_to_reporting_api_requests = 1

So add your allowed IPs to array login_allowlist_ip and adjust login_allowlist_apply_to_reporting_api_requests for the desired behavior.

1 Like