Beschränkung Setup auf Adressen
The call of the EGroupware setup
https://domain.tld/egroupware/setup
or a login can (and should) be limited to certain addresses.
In general, the restriction should be chosen so that a login is only possible from a trusted network. Depending on the constellation, there are now different possibilities.
Here are two examples:
- EGroupware on server in company or home network
In this case, a /24 address can be entered, for example, to access the setup exclusively from computers in the local network.
In the case of a standard Fritz!Box (A very common router in Germany) network, this would be 192.168.178.0/24
Enter here in the Header-Admin as 192.168.178 :
- EGroupware on a host at a provider
If you reach your VHost via VPN, you can easily enter the IP address(es) of your PC.
It is also possible to enter a fixed IP as allowed.
With changing IP addresses, you can try to work with a DynDNS address, i.e. the domain name.
There are many more constellations. With this simple means the security of an EGroupware installation can be easily increased.
A misconfiguration can lock you out of the setup. The direct access to the header.inc.php should be checked before. And a backup of the file should be created!
The address for the restriction is entered in the header setup. The header setup writes the change to
/var/lib/egroupware/header.inc.php
The following can be entered:
|
Example |
To be entered |
| Address ranges (/24, /16, /8) |
192.168.178.0/24 |
192.168.178 |
| IP addresses |
IP address Admin PC |
192.168.178.39 |
| IP addresses Comma separated |
Addresses in the 192.168.178.0/24 network |
192.168.178.13, 192.168.178.39 |
Enter the local network (/24) in the header setup:
Is then stored in the header.inc.php:
This entry can thus be entered directly into the header.inc.php. If you know what you are doing…
