I have a closed Elgg (no registration option and approximately 100 users) hosted online but I would like to restrict the site to log in only from within a fixed domain, like an intranet. We don't have the option to set up a server in the small LAN.
This is not intended for high security, only to deter registered users from accessing outside the organisation which is a small school.
I suspect this would be similar to requests I have seen for registration only from a domain, and I appreciate this would be a hack but is this something I could do with some guidance? I have no OOPHP experience only PHP knowledge.
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
- Dries@driesdk
Dries - 0 likes
- Team Webgalli@webgalli
Team Webgalli - 0 likes
- Steve Harries@sharries
Steve Harries - 0 likes
- User requests subfolder (I presume this is by address typing or by links and bookmarks?)
- If not from yourdomain.com
- Or not from alloweddomain.com
- Throw a 403 forbidden message
- Steve Harries@sharries
Steve Harries - 0 likes
- Dan@DanWestlake
Dan - 0 likes
You must log in to post replies.Maybe this can help you
https://community.elgg.org/plugins/1422171
Edit: sorry, I read it wrong, I thought you were rejecting based on an e-mail domain.
Seems like you want to use an IP check maybe to permit access?
A quick search returned
http://stackoverflow.com/questions/9572604/deny-referrals-from-all-domains-except-one
Hope it will be helpful.
Cheers @Dries looks like the solution I will need, .htaccess files are a foreign language to me so will have to do some serious reading. I have the Elgg in a sub folder on my server (which I would like to act as an intranet at that level) and .htaccess goes at root, could you advise how it might look for /myelggfolder/
Below is the .htaccess suggested from Stackoverflow
I shall continue reading.
Could this be relevant from http://stackoverflow.com/questions/20811492/htaccess-running-only-script
If I understand this:
Am I on the right track?
I presume you can, or may need to, add the loopback address somewhere?
The line in bold is an uneducated guess as to how it may look...
I have also posted on StackOverflow
http://stackoverflow.com/questions/27439797/elgg-sub-folder-intranet-only-access
Was any headway made on this? I don't need this exact feature, just curious.