eanfrid
OK the test works like you said in the test box. Nevertheless, the plugin still locks me out for real with ipv6 addresses/ranges only. Then I must modify the config file to manually add again my ipv4 address in order to be allowed back in. So I have to force the network stack on my system to use ipv6 as a fallback (instead of a 'default ipv6 with ipv4 fallback' priority) or to disable ipv6 in Firefox for instance with 'network.dns.disableIPv6 true' in 'about:config'.
Otherwise if I disable the plugin, ipv6-only access to the admin-part of the website is OK.
It looks like the test regex rules are different from how the config file is really parsed.
turnermm
I've looked into this a bit further. Try this branch of abortlogin:
https://github.com/turnermm/abortlogin/archive/ipv6.zip
It adds ipv6 support. It's hard for me to give it a real world test because I don't see ipv6 access on my server.
eanfrid
I updated the plugin successfully, uploading manually from the url above.
Sorry but it still does not work :( i.e. it is OK within the test blocks (valid ip) but ipv6 access remains forbidden (403).
What I need for my use is something like this to work :
'123.123.123.,2001:db8:98:c1::' (both ranges)
FYI : As previously something like '123.123.123.,2001:db8:9897:c1::/64' crashes the config parsing and totally denies further admin access, including via ipv4...
EDIT :cool:
'123.123.123., 2001:db8:98:c1::' does not work but '2001:db8:98:c1::, 123.123.123.' does ! (ipv6 string entered before ipv4 string) ...
EDIT2
However with 2 ipv6 ranges/adresses entered, like '2001:db8:97:c2::, 2001:db8:98:c1::, 123.123.123.' ipv6 access is forbidden again.
turnermm
Afraid I can't help you. Find someone with coding skills who can handle this type of IP configuration.
turnermm
I have one more thought but can’t deal with it right now. I may not have understood your explanation or you may not be explaining clearly enough. We’ll see.
eanfrid
Sorry my test was partially wrong because I did not wipe browser cookies. As long as the filtering string starts with an ipv6 range (if any), this new realease works as far as I am concerned.
Tested sort order in the string : 'ipv6, ipv4' is OK, 'ipv4, ipv6' is KO, 'ipv6, ipv6' is OK, 'ipv6, ipv6, ipv4' is OK, 'ipv4, ipv6, ipv6' is KO. So if there is an ipv6-ipv4 mixed filtering, ipv6 ranges must be listed first.
I am not very good with regex writing either :huh:
Thank you for your work ;)
turnermm
I’ll see what I can do. Regexes are no problem. Judging from what you’ve said, I have to keep the two types of IP entirely separate.
turnermm
I think you should be able to use the current update:
https://github.com/turnermm/abortlogin/archive/ipv6.zip
I've completely separated the ipv4 from the ipv6 processing, so you shouldn't have the problem you mentioned in your previous post. The order in which you list your addresses shouldn't matter now.
Also, I found a more accurate module for converting ipv6 addresses to integers, which is what I use for comparing ipv6, which has too many ways of representing the same address to be convenient for a regular expression.
eanfrid
It is better but still flawed. Now there is no error message during installation of the plugin. But then, only further ipv4 connections are allowed. Using an ipv6 adress issues a "403 login not available" :( FYI, my ip filter currently lists 2 ipv6 ranges preceding 1 ipv4 range.
I cannot read any useful server logs (basic shared hosting without ssh access).
turnermm
Truthfully, I can 't imagine what the source of your experience is. I have not had a similar instance in my tests. But then I don't have your lists. Perhaps you could email me your lists of tests and allowed IPs, just as they are entered into the configuration options. You can do this through the forum by clicking on my user name and selecting Send e-mail
Thanks.
-------------
And if you have been keeping a log of rejected IPs, or could keep one for this test, that would also be helpful.
turnermm
I don't know why this didn't/doesn't show up on my test version. I had to switch to a different test dokuwiki to find it.
I think the plugin should be ok now.
eanfrid
Unfortunately something is wrong. This new release crashes the site during its install, with a "server error 500" thus denying further access to anyone. Reverting to the previous ipv6.zip archive (or deleting/renaming 'abortlogin' folder) immediately solved the problem.
turnermm
Can you check your error logs?
Never mind. I see the problem.
eanfrid
Ahem... I get an "Access denied" warning when I click the "send message" button below the email form.
turnermm
Send if to
turnermm02@shaw.ca
I have been thinking about this. Abortlogin is not set up to deal with ipv6 ranges, if that is what you are using. Only single addresses. So if you have more than one IP you want to exclude you must list each individually. I am only just getting up to speed on the various aspects of ipv6 address, and getting the tools to deal with them,
eanfrid
I see. I have to use ipv6 ranges since I own two /48 subnets. My managed workstations are assigned dynamic /64 temporary addresses within these ranges. So I will use your first release of the 'ipv6.zip' archive because this one works with ranges.
Thank you.
turnermm
I'm adding an admin page. It uses the same data file as the command line tool and gives the same results. It will be expanded to provide more options.
turnermm
eanfrid
I manually refreshed my actual config from the ipv62.zip archive. It works with two ipv6 ranges written like "2001:db8:a:1::/64, 2001:db8:b:1::/64".
Thank you very much.
turnermm
I'm very glad to hear that. For the next little while I will keep the docs for the original version (ipv4) separate from the ipv6 version and supply two separate distributions. Eventually, I will switch over to the new version, which supports both ipv6 and ipv4. And I will retire the original version.
Thanks for helping with the testing.