@mattab opened this issue on January 26th 2014

For added security, it would be useful to be able to only allow particular users to login from white listed IP addresses.

- "Restrict login to Piwik only from these IP addresses" would be a global setting that would restrict all logins to a particular IP address.
- "Restrict a particular username to login from these IP addresses" would be a setting, per user, optional, that would restrict login by this username.
- UI: maybe we could extend the 'User Settings' mechanism, to also let Super User edit settings for other users.

Notes:

- When a user goes to the login form, or tries to login, and the IP is not whitelisted, display a message "Access to this Piwik server is restricted. Please contact the admin to ask them to white list your IP address. more"
- Learn more link goes to a FAQ on Piwik.org, explaining the WhiteList feature, and also explaining "How do I disable IP whitelisting?"
  - This would help a Super User deactivate the IP white listing feature, if he is locked out.
- UI: IPs will accept ranges, similarly to the "IPs to exclude" in the Websites settings.

@hpvd commented on January 27th 2014

Great idea!

Maybe we should think of a mechanism to prevent that e.g. non-advanced users could lock themselves, or worse, all users, out of their Piwik installation forever...

This could happen:

- if they do not have a static IP (are not aware of this and put this in the restriction rule) and the next day dialling in they got a new IP address from their provider
- they put in the IP from somewhere where they now could not get access anymore (ex-girl, ex-employer...)
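A sketch of the check discussed in this thread, added here as an example and not Piwik code: a global allowlist plus optional per-user allowlists, with a pre-save test for the lockout case raised above. It assumes entries are single addresses or CIDR ranges, that an empty list means "no restriction", and that both lists must match when both are set; all function names are hypothetical.

```python
import ipaddress


def parse_allowlist(entries):
    """Parse entries such as '203.0.113.7' or '198.51.100.0/24' into networks.

    Raises ValueError on a malformed entry, so a bad list is rejected
    when it is saved rather than at the next login attempt.
    """
    return [ipaddress.ip_network(e.strip(), strict=False)
            for e in entries if e.strip()]


def ip_allowed(ip, allowlist):
    """True if ip falls inside any network; an empty list allows everything
    (assumption: an unset allowlist means the feature is off)."""
    if not allowlist:
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr.version == net.version and addr in net
               for net in allowlist)


def login_allowed(user, ip, global_list, per_user):
    """Global restriction first, then the optional per-user restriction."""
    return (ip_allowed(ip, global_list)
            and ip_allowed(ip, per_user.get(user, [])))


def would_lock_out(current_ip, new_entries):
    """Pre-save check: would the person saving this list lose access
    from the address they are connected from right now?"""
    return not ip_allowed(current_ip, parse_allowlist(new_entries))


# Constructed sample data (documentation address ranges, not real hosts).
GLOBAL_LIST = parse_allowlist(["203.0.113.0/24", "2001:db8::/32"])
PER_USER = {"alice": parse_allowlist(["203.0.113.7"])}

if __name__ == "__main__":
    for user, ip in [("alice", "203.0.113.7"), ("alice", "203.0.113.8"),
                     ("bob", "203.0.113.8"), ("bob", "198.51.100.1")]:
        print(user, ip, login_allowed(user, ip, GLOBAL_LIST, PER_USER))
    print("lockout:", would_lock_out("198.51.100.1", ["203.0.113.0/24"]))
```

The pre-save check only covers the address in use at the moment of saving; it cannot detect that a dynamic address will change the next day, which is why the thread also asks for a documented way to disable the feature.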
