From fd3f890f7b2b8b06d27820210ad016e079add6f0 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Tue, 20 Aug 2019 14:15:04 +0200
Subject: [PATCH] NEW Can restrict access using DAV module to some host IPs only
---
 htdocs/admin/dav.php | 9 +++++++--
 htdocs/api/admin/index.php | 2 +-
 htdocs/dav/fileserver.php | 16 ++++++++++++++++
 htdocs/langs/en_US/admin.lang | 3 ++-
 4 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/htdocs/admin/dav.php b/htdocs/admin/dav.php
index 005394739f0..f4fbcbbdd59 100644
--- a/htdocs/admin/dav.php
+++ b/htdocs/admin/dav.php
@@ -35,7 +35,10 @@ if (!$user->admin)
 $action = GETPOST('action', 'alpha');
 $backtopage = GETPOST('backtopage', 'alpha');
+
+
 $arrayofparameters=array(
+ 'DAV_RESTICT_ON_IP'=>array('css'=>'minwidth200', 'enabled'=>1),
 'DAV_ALLOW_PRIVATE_DIR'=>array('css'=>'minwidth200', 'enabled'=>2),
 'DAV_ALLOW_PUBLIC_DIR'=>array('css'=>'minwidth200', 'enabled'=>1),
 'DAV_ALLOW_ECM_DIR'=>array('css'=>'minwidth200', 'enabled'=>$conf->ecm->enabled)
@@ -82,7 +85,8 @@ if ($action == 'edit')
 if (isset($val['enabled']) && empty($val['enabled'])) continue;
 print '';
- print $form->textwithpicto($langs->trans($key), $langs->trans($key.'Tooltip'));
+ $tooltiphelp = (($langs->trans($key.'Tooltip') != $key.'Tooltip') ? $langs->trans($key.'Tooltip') : '');
+ print $form->textwithpicto($langs->trans($key), $tooltiphelp);
 print '';
 if ($key == 'DAV_ALLOW_PRIVATE_DIR') {
@@ -116,7 +120,8 @@ else
 foreach($arrayofparameters as $key => $val) {
 print '';
- print $form->textwithpicto($langs->trans($key), $langs->trans($key.'Tooltip'));
+ $tooltiphelp = (($langs->trans($key.'Tooltip') != $key.'Tooltip') ? $langs->trans($key.'Tooltip') : '');
+ print $form->textwithpicto($langs->trans($key), $tooltiphelp);
 print '';
 if ($key == 'DAV_ALLOW_PRIVATE_DIR') {
diff --git a/htdocs/api/admin/index.php b/htdocs/api/admin/index.php
index 0ca6786b9b2..979ce497ab1 100644
--- a/htdocs/api/admin/index.php
+++ b/htdocs/api/admin/index.php
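Review bot: The label for the new `'DAV_RESTICT_ON_IP'` entry is resolved by the loops further down with `$langs->trans($key)`, but the language hunk of this patch defines only `RESTICT_API_ON_IP` and `RESTICT_ON_IP`, so unless the key exists elsewhere the setup page will display the raw constant name. "RESTICT" is also a misspelling of "RESTRICT", and because this string becomes a stored configuration constant that fileserver.php reads, it is cheaper to correct before release: `'DAV_RESTRICT_ON_IP'=>array('css'=>'minwidth200', 'enabled'=>1),` with a matching `DAV_RESTRICT_ON_IP=` line in admin.lang. The value is an access-control list, so a short comment stating the expected format (space-separated exact addresses, empty disables the check) would help; the array literal closes outside this hunk.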
@@ -130,7 +130,7 @@ print ' ';
 print '';
 print '';
-print ''.$langs->trans("RestrictApiToIps").'';
+print ''.$langs->trans("RESTICT_API_ON_IP").'';
 print '';
 print '';
 print '';
diff --git a/htdocs/dav/fileserver.php b/htdocs/dav/fileserver.php
index b056ac9730c..4a38511305e 100644
--- a/htdocs/dav/fileserver.php
+++ b/htdocs/dav/fileserver.php
@@ -55,6 +55,22 @@ if (empty($conf->dav->enabled)) accessforbidden();
+// Restrict API to some IPs
+if (! empty($conf->global->DAV_RESTICT_ON_IP))
+{
+ $allowedip=explode(' ', $conf->global->DAV_RESTICT_ON_IP);
+ $ipremote = getUserRemoteIP();
+ if (! in_array($ipremote, $allowedip))
+ {
+ dol_syslog('Remote ip is '.$ipremote.', not into list '.$conf->global->DAV_RESTICT_ON_IP);
+ print 'DAV not allowed from the IP '.$ipremote;
+ header('HTTP/1.1 503 DAV not allowed from your IP '.$ipremote);
+ //print $conf->global->DAV_RESTICT_ON_IP;
+ exit(0);
+ }
+}
+
+
 $entity = (GETPOST('entity', 'int') ? GETPOST('entity', 'int') : (!empty($conf->entity) ? $conf->entity : 1)); // settings
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index ee3da865377..726ba624434 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
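Review bot: The refusal branch in fileserver.php prints the body before calling `header()`, so unless output buffering is active the status line is never sent and the client receives a 200; it also reflects `$ipremote` into both the body and the status line, and 503 signals a temporary outage rather than a refusal. Send the status first, use 403, and keep the address out of the response. `getUserRemoteIP()` is defined outside this hunk: if it takes the address from client-supplied forwarding headers rather than the socket peer, a forged header could satisfy the allow-list and the logged value would be client-controlled, so that should be confirmed before relying on this check. `explode(' ', …)` also leaves empty entries in the list when the setting contains doubled or trailing spaces, which an empty remote address would match; the fence shows the branch with these changes.

```php
$allowedip = preg_split('/\s+/', trim($conf->global->DAV_RESTICT_ON_IP), -1, PREG_SPLIT_NO_EMPTY);
// … unchanged: $ipremote = getUserRemoteIP(); …
if (! in_array($ipremote, $allowedip, true))
{
	// … unchanged: dol_syslog call …
	// Status line must precede any output; no client-derived value in the response
	header('HTTP/1.1 403 Forbidden');
	print 'DAV access is not allowed from your IP address';
	// … unchanged: exit(0) and closing braces …
```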
@@ -1932,5 +1932,6 @@ DeleteEmailCollector=Delete email collector
 ConfirmDeleteEmailCollector=Are you sure you want to delete this email collector?
 RecipientEmailsWillBeReplacedWithThisValue=Recipient emails will be always replaced with this value
 AtLeastOneDefaultBankAccountMandatory=At least 1 default bank account must be defined
-RestrictApiToIps=Allow available APIs to some host IP only (wildcard not allowed, use space between values). Empty means every hosts can use the available APIs.
+RESTICT_API_ON_IP=Allow available APIs to some host IP only (wildcard not allowed, use space between values). Empty means every hosts can use the available APIs.
+RESTICT_ON_IP=Allow access to some host IP only (wildcard not allowed, use space between values). Empty means every hosts can access.
 BaseOnSabeDavVersion=Based on the library SabreDAV version
\ No newline at end of file