Hi,
Is it possible (and what will be the best approach) to restrict access to the Open edX LMS and/CMS instances to specific IP addresses (subnets or ranges)?
This is important mainly for admin and studio areas.
1- If user visited the website from allowed_IPs: He/she can access the web site
2- else (user comes from an IP not listed in allowed_IPs): Redirect them to a specific page ( “Access not allowed. Your IP is not allowed to access this website”)
Thanks
How about using something like iptables on your server to restrict access to the container? Feel free to post your solution 
https://docs.docker.com/network/iptables/#restrict-connections-to-the-docker-host
Thanks for sharing.
These iptables rules will help in a specific scenario (scenario 1) where we want lms and cms to be accessible exclusively for internal employees via known IPs/subnets.
In other words, allow access to to entire lms and cms websites from specific IP/subnet AND block traffic originating from any other IP/subnet
But (scenario 2):
Unless I am missing something!
May be anther solutions which will be more flexible to suite the scenario 2.
Any other thoughts?
Hi @Djas2017! I suggest you create a dedicated plugin for patching the nginx configuration. Feel free to open a pull request if you need additional {{ patch(...) }} statements.
Thanks @regis for the suggestion.
Are there any existing statements for patching the nginx configuration? Any guidance from you or the community will be very appreciated as I am new to Tutor and Open edX world!
Following the docs, the list of patch statements can be found by browsing the Tutor source code: Search · GitHub{{+patch+repo%3Aoverhangio%2Ftutor+path%3A%2Ftutor%2Ftemplates&type=Code&ref=advsearch&l=&l=8
Thanks a lot @regis for the followup and for the guidance.
I will take a look and share feedback.