Question: How to restrict access to a specific IP per folder

[merlinuwe]

I remember - many years ago - when I was using HFS there was an option to allow to access a folder only from a given IP-address. I searched in the latest release candidate of today, but did not find this anymore. Is there a solution?

Background: I'd like to use this software (again) in a classroom, where are 25 computers for pupils and 1 for me, the teacher.

Example:

Place 1 with IP 10.10.304.1 should have only access to the folder "Platz_01" and the folder "Platz_99", where the teacher gives (only) download-access to some files/folders to everyone without any permission. (The pupils should not need an account. No pupil should be able to access the account of an other pupil. ;-))

Place 2 with IP 10.10.304.2 should have only access to the folder "Platz_02" and the folder "Platz_99" and so on.

(The teacher can zip the whole folders after the pupils work is done.)

[rejetto]

i'm quite sure there's no such feature in hfs2, but you could get the effect with some basic scripting.
hfs3 has scripting too, while in a much different fashion.
I'm not sure i understand your instructions, anyway.
For a start, 1) are you ok with all the folders being visible by anybody, but accessible only by the right ip?
And 2) do you know some programming?

[rejetto]

3. is it true that IP 10.10.304.X will have access to Platz_X ?

[merlinuwe]

For 1) yes, no problem.
For 2) not really ...
For 3) Yes, that's correct.

[rejetto]

how will hfs know that you are the teacher?

[merlinuwe]

I work at the pc with IP 10.10.304.99.

[rejetto]

ok, exception made for you, every X has to access folder X and folder 99, right?
i didn't test it, but this should be close to what you need

exports.middleware = ctx => {
   if (ctx.ip === '10.10.304.99') return // skip 
   const n = ctx.path.match(/Platz_(\d+)/)?.[1]
   if (n && n !== '99' && ctx.ip !== '10.10.304.' + Number(n))
       ctx.status = 403
}

put in admin-panel > options > server-code

[merlinuwe]

Oh, thank you very much!
To test it at home, I changed the ip-addresses in your code to 192.168.178.x

exports.middleware = ctx => {
   if (ctx.ip === '192.168.178.21') return // skip 
   const n = ctx.path.match(/Platz_(\d+)/)?.[1]
   if (n && n !== '21' && ctx.ip !== '192.168.178.' + Number(n))
       ctx.status = 403
}

Now I can access from my smartphone to my PC. But it is allowed to log in as user 1, 2 21 and 27. The smartphone has ip 192.168.178.27. It should only be allowed to have access to folder Platz_27 (which I added).

Here are my other settings:

[rejetto]

I'm not sure i'm following.
You asked about folders and IPs, and to not require accounts, but now you are introducing accounts.
Of course accounts are not going to work with my script.

[merlinuwe]

Ah - my fault. Thanks for the clarification.

[rejetto]

np, but so, what is the plan, accounts or ips?
you don't want to do both...
btw, you are not the first teacher using hfs. I'm glad it can be useful in schools.

[merlinuwe]

IPs are the correct way.

Good to hear that other colleagues like it, too. ;-)

[levent0119]

What I need is to allow my members access based on their static external IP address, blocking them from logging in from different IPs. It would be great if there were plugins that could do this.

[rejetto]

What I need is to allow my members access based on their static external IP address, blocking them from logging in from different IPs. It would be great if there were plugins that could do this.

hey, in this issue/topic, accounts are NOT involved, but you say "logging in".
If you want something related to accounts then you should open a different discussion/issue, as this will be closed when the original problem is solved.