Abortlogin ipv6 support
eanfrid #1
Member since Dec 2017 · 9 posts · Location: France
Group memberships: Members
Subject: Abortlogin ipv6 support
Hello,

Release 2017-02-19e "Frusterick Manners" and latest version of the plugin (2017-12-04).

Whatever valid syntax I use for ipv6 addresses (or ranges) to test and make abortlogin plugin work with ipv6, none is reported as valid by the plugin. Using any of them instead of my ipv4 address in the config file locks me out of my wiki. For example:

2001:db8:a::123/64 is not a valid IP
2001:db8:a::123 is not a valid IP
2001:db8:a:: is not a valid IP
[2001:db8:a::123] is not a valid IP
2001:db8:a::/64 is not a valid IP

However according to the author, it should work...

Thanks
This post was edited 2 times, last on 2017-12-07, 21:58 by eanfrid.
turnermm (Moderator) #2
Member since Oct 2009 · 4040 posts · Location: Canada
Group memberships: Global Moderators, Members, Super Mods
In order to test, you have to fill in entries in both the allowed and the test entry boxes.

So, for instance, if you add the following to the allowed:
192.168.0,2001:db8:a::

And you add the following to the tests:
192.168.0,2001:db8:a::123,2001:db8:a::

you should get:
   192.168.0 is a valid IP
   2001:db8:a::123 is a valid IP
   2001:db8:a:: is a valid IP

The plugin was not designed to handle IPv6 specifically, since it was created before IPv6. What the page says is in answer to a request for IPv6 support:
       Would be really great if it worked with ipv6 addresses - LG

        Don't see why this is not possible since the plugin uses regular expressions to test against ips.

That means it will not work with this:
[2001:db8:a::123]
because the square brackets are extraneous to the address itself. 

I've had very little experience with these addresses; they are still not very common, at least in my experience, so if there's anyone out there who wants to contribute to abortlogin, who does have experience, let me know. (Thanks)
Myron Turner
github: https://github.com/turnermm
plugins, templates: http://www.mturner.org/devel
This post was edited on 2017-12-08, 01:28 by turnermm.
eanfrid #3
Member since Dec 2017 · 9 posts · Location: France
Group memberships: Members
OK the test works like you said in the test box. Nevertheless, the plugin still locks me out for real with ipv6 addresses/ranges only. Then I must modify the config file to manually add again my ipv4 address in order to be allowed back in. So I have to force the network stack on my system to use ipv6 as a fallback (instead of a 'default ipv6 with ipv4 fallback' priority) or to disable ipv6 in Firefox for instance with 'network.dns.disableIPv6 true' in 'about:config'.

Otherwise if I disable the plugin, ipv6-only access to the admin-part of the website is OK.

It looks like the test regex rules are different from how the config file is really parsed.
This post was edited 3 times, last on 2017-12-08, 10:24 by eanfrid.
turnermm (Moderator) #4
Member since Oct 2009 · 4040 posts · Location: Canada
Group memberships: Global Moderators, Members, Super Mods
I've looked into this a bit further.  Try this branch of abortlogin:

https://github.com/turnermm/abortlogin/archive/ipv6.zip

It adds ipv6 support.  It's hard for me to give it a real world test because I don't see ipv6 access on my server.
Myron Turner
github: https://github.com/turnermm
plugins, templates: http://www.mturner.org/devel
eanfrid #5
Member since Dec 2017 · 9 posts · Location: France
Group memberships: Members
I updated the plugin successfully, uploading manually from the url above.

Sorry but it still does not work :( i.e. it is OK within the test blocks (valid ip) but ipv6 access remains forbidden (403).

What I need for my use is something like this to work :
'123.123.123.,2001:db8:98:c1::' (both ranges)

FYI : As previously something like '123.123.123.,2001:db8:9897:c1::/64' crashes the config parsing and totally denies further admin access, including via ipv4...

EDIT :cool:
'123.123.123., 2001:db8:98:c1::' does not work but '2001:db8:98:c1::, 123.123.123.' does ! (ipv6 string entered before ipv4 string) ...

EDIT2
However with 2 ipv6 ranges/addresses entered, like '2001:db8:97:c2::, 2001:db8:98:c1::, 123.123.123.' ipv6 access is forbidden again.
This post was edited 2 times, last on 2017-12-08, 21:12 by eanfrid.
turnermm (Moderator) #6
Member since Oct 2009 · 4040 posts · Location: Canada
Group memberships: Global Moderators, Members, Super Mods
Afraid I can't help you.  Find someone with coding skills who can handle this type of IP configuration.
Myron Turner
github: https://github.com/turnermm
plugins, templates: http://www.mturner.org/devel
turnermm (Moderator) #7
Member since Oct 2009 · 4040 posts · Location: Canada
Group memberships: Global Moderators, Members, Super Mods
I have one more thought but can’t deal with it right now.  I may not have understood your explanation or you may not be explaining clearly enough. We’ll see.
Myron Turner
github: https://github.com/turnermm
plugins, templates: http://www.mturner.org/devel
eanfrid #8
Member since Dec 2017 · 9 posts · Location: France
Group memberships: Members
Sorry my test was partially wrong because I did not wipe browser cookies. As long as the filtering string starts with an ipv6 range (if any), this new release works as far as I am concerned.

Tested sort order in the string : 'ipv6, ipv4' is OK, 'ipv4, ipv6' is KO, 'ipv6, ipv6' is OK, 'ipv6, ipv6, ipv4' is OK, 'ipv4, ipv6, ipv6' is KO. So if there is an ipv6-ipv4 mixed filtering, ipv6 ranges must be listed first.

I am not very good with regex writing either :huh:

Thank you for your work ;)
This post was edited on 2017-12-08, 23:25 by eanfrid.
turnermm (Moderator) #9
Member since Oct 2009 · 4040 posts · Location: Canada
Group memberships: Global Moderators, Members, Super Mods
I’ll see what I can do. Regexes are no problem. Judging from what you’ve said, I have to keep the two types of IP entirely separate.
Myron Turner
github: https://github.com/turnermm
plugins, templates: http://www.mturner.org/devel
turnermm (Moderator) #10
Member since Oct 2009 · 4040 posts · Location: Canada
Group memberships: Global Moderators, Members, Super Mods
I think you should be able to use the current update:
    https://github.com/turnermm/abortlogin/archive/ipv6.zip
I've completely separated the ipv4 from the ipv6 processing, so you shouldn't have the problem you mentioned in your previous post.  The order in which you list your addresses shouldn't matter now.

Also, I found a more accurate module for converting ipv6 addresses to integers, which is what I use for comparing ipv6, which has too many ways of representing the same address to be convenient for a regular expression.
Myron Turner
github: https://github.com/turnermm
plugins, templates: http://www.mturner.org/devel
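
The approach described in post #10 (IPv4 and IPv6 kept apart, IPv6 compared by value rather than by regular expression), as an added example that is not abortlogin's code. The function names `parse_entry` and `ip_allowed` are hypothetical, writing IPv6 ranges in CIDR notation is an assumption (the thread writes them as a bare prefix), and the sample addresses are constructed.

```php
<?php
// Added example, not abortlogin's code. Assumed syntax: CIDR, single address, or "123.123.123." prefix.
function parse_entry(string $entry): ?array
{
    $entry = trim($entry);
    // One to three IPv4 octets (optional trailing dot) become a /8, /16 or /24.
    if (preg_match('/^\d{1,3}(\.\d{1,3}){0,2}\.?$/', $entry)) {
        $octets = explode('.', rtrim($entry, '.'));
        $entry = implode('.', array_pad($octets, 4, '0')) . '/' . (8 * count($octets));
    }
    [$addr, $bits] = array_pad(explode('/', $entry, 2), 2, null);
    if (filter_var($addr, FILTER_VALIDATE_IP) === false) {
        return null;                  // malformed entry is skipped, never fatal
    }
    $net = inet_pton($addr);          // 4 bytes for IPv4, 16 bytes for IPv6
    $max = 8 * strlen($net);
    $bits = $bits ?? (string) $max;   // bare address means an exact match
    if (!ctype_digit($bits) || (int) $bits > $max) {
        return null;
    }
    return ['net' => $net, 'bits' => (int) $bits];
}

function ip_allowed(string $client, string $allowList): bool
{
    if (filter_var($client, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    $ip = inet_pton($client);         // every spelling of an address maps to one value
    foreach (explode(',', $allowList) as $raw) {
        $e = parse_entry($raw);
        // Families stay separate: only compare addresses of the same byte length.
        if ($e === null || strlen($e['net']) !== strlen($ip)) {
            continue;
        }
        $full = intdiv($e['bits'], 8);
        $mask = (0xFF << (8 - $e['bits'] % 8)) & 0xFF;   // 0 when bits is a multiple of 8
        if (substr($ip, 0, $full) === substr($e['net'], 0, $full)
            && ($mask === 0 || ((ord($ip[$full]) ^ ord($e['net'][$full])) & $mask) === 0)) {
            return true;
        }
    }
    return false;
}

// Constructed sample list (documentation prefixes), IPv4 entry deliberately first.
$list = '123.123.123., 2001:db8:97:c2::/64, 2001:db8:98:c1::/64';
foreach (['2001:0DB8:98:C1:0:0:0:1', '123.123.123.45', '2001:db8:99::1'] as $ip) {
    printf("%-26s %s\n", $ip, ip_allowed($ip, $list) ? 'allowed' : 'denied');
}
```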
eanfrid #11
Member since Dec 2017 · 9 posts · Location: France
Group memberships: Members
Unfortunately something is wrong. This new release crashes the site during its install, with a "server error 500" thus denying further access to anyone. Reverting to the previous ipv6.zip archive (or deleting/renaming 'abortlogin' folder) immediately solved the problem.
This post was edited on 2017-12-14, 13:06 by eanfrid.
turnermm (Moderator) #12
Member since Oct 2009 · 4040 posts · Location: Canada
Group memberships: Global Moderators, Members, Super Mods
Can you check your error logs?

Never mind.  I see the problem.
Myron Turner
github: https://github.com/turnermm
plugins, templates: http://www.mturner.org/devel
This post was edited on 2017-12-14, 14:56 by turnermm.
turnermm (Moderator) #13
Member since Oct 2009 · 4040 posts · Location: Canada
Group memberships: Global Moderators, Members, Super Mods
I don't know why this didn't/doesn't show up on my test version. I had to switch to a different test dokuwiki to find it.

I think the plugin should be ok now.
Myron Turner
github: https://github.com/turnermm
plugins, templates: http://www.mturner.org/devel
eanfrid #14
Member since Dec 2017 · 9 posts · Location: France
Group memberships: Members
It is better but still flawed. Now there is no error message during installation of the plugin. But then, only further ipv4 connections are allowed. Using an ipv6 address issues a "403 login not available" :( FYI, my ip filter currently lists 2 ipv6 ranges preceding 1 ipv4 range.

I cannot read any useful server logs (basic shared hosting without ssh access).
turnermm (Moderator) #15
Member since Oct 2009 · 4040 posts · Location: Canada
Group memberships: Global Moderators, Members, Super Mods
Truthfully, I can't imagine what the source of your experience is. I have not had a similar instance in my tests. But then I don't have your lists. Perhaps you could email me your lists of tests and allowed IPs, just as they are entered into the configuration options. You can do this through the forum by clicking on my user name and selecting Send e-mail.

Thanks.

And if you have been keeping a log of rejected IPs, or could keep one for this test, that would also be helpful.
Myron Turner
github: https://github.com/turnermm
plugins, templates: http://www.mturner.org/devel
This post was edited on 2017-12-16, 17:24 by turnermm.