Is it possible (and what will be the best approach) to restrict access to the Open edX LMS and/or CMS instances to specific IP addresses (subnets or ranges)?
This is important mainly for admin and studio areas.
1- If user visited the website from allowed_IPs: He/she can access the web site
2- else (user comes from an IP not listed in allowed_IPs): Redirect them to a specific page (“Access not allowed. Your IP is not allowed to access this website”)
These iptables rules will help in a specific scenario (scenario 1) where we want lms and cms to be accessible exclusively for internal employees via known IPs/subnets.
In other words, allow access to the entire lms and cms websites from a specific IP/subnet AND block traffic originating from any other IP/subnet.
But (scenario 2):
They will not be able to block access to a specific lms admin area like: mylms.tld/admin/
They will not be able to make lms accessible to everyone (no IP/subnet restrictions) and make lms admin (mylms.tld/admin/) + studio only available to specific IPs/subnets.
Unless I am missing something!
Maybe there is another solution which will be more flexible to suit scenario 2.
Any other thoughts?
Hi @Djas2017! I suggest you create a dedicated plugin for patching the nginx configuration. Feel free to open a pull request if you need additional {{ patch(...) }} statements.
Are there any existing statements for patching the nginx configuration? Any guidance from you or the community will be very appreciated as I am new to Tutor and Open edX world!
Following the docs, the list of patch statements can be found by browsing the Tutor source code: Search · GitHub (a code search for `{{ patch` in the overhangio/tutor repository, under /tutor/templates).
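
Scenario 2 from the thread (LMS open to everyone, `/admin` and Studio limited to known subnets) written as plain nginx configuration. This is an added example, not part of any post above and not Tutor's own template; the Studio hostname, the `lms:8000` and `cms:8000` upstreams, and the subnets are assumptions.

```nginx
# Added example: hostnames, upstreams and subnets are placeholders.
# If nginx sits behind another proxy, restore the client address first and
# trust only that proxy (placeholder address):
#   set_real_ip_from 10.0.0.5;  real_ip_header X-Forwarded-For;

# http context. One allowlist for every restricted area: 1 = allowed.
geo $ip_allowed {
    default         0;
    192.0.2.0/24    1;   # staff subnet (documentation range)
    198.51.100.17   1;   # single admin workstation
}

# LMS: open to everyone, except anything under /admin.
server {
    listen 80;
    server_name mylms.tld;

    error_page 403 @ip_denied;
    location @ip_denied {
        default_type text/plain;
        return 403 "Access not allowed. Your IP is not allowed to access this website.\n";
    }

    # Prefix match: also covers /admin without the trailing slash.
    location ^~ /admin {
        if ($ip_allowed = 0) { return 403; }
        proxy_set_header Host $host;
        proxy_pass http://lms:8000;
    }

    location / {
        proxy_set_header Host $host;
        proxy_pass http://lms:8000;
    }
}

# Studio (CMS): the whole site is restricted.
server {
    listen 80;
    server_name studio.mylms.tld;
    default_type text/plain;
    if ($ip_allowed = 0) {
        return 403 "Access not allowed. Your IP is not allowed to access this website.\n";
    }
    location / {
        proxy_set_header Host $host;
        proxy_pass http://cms:8000;
    }
}
```

Check the result from an address outside the allowlist: `/admin/` and the Studio host should return 403 with the message, while the rest of the LMS still loads. If every request is denied or every request is allowed, nginx is most likely seeing a proxy's address instead of the client's.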