Allowing access to the CMS and/or LMS only from specific IP addresses

Hi,

Is it possible (and what will be the best approach) to restrict access to the Open edX LMS and/or CMS instances to specific IP addresses (subnets or ranges)?

This is important mainly for admin and studio areas.

1. If the user visits the website from allowed_IPs: he/she can access the website.
2. Else (the user comes from an IP not listed in allowed_IPs): redirect them to a specific page (“Access not allowed. Your IP is not allowed to access this website”).

Thanks

How about using something like iptables on your server to restrict access to the container? Feel free to post your solution. https://docs.docker.com/network/iptables/#restrict-connections-to-the-docker-host

Thanks for sharing.

These iptables rules will help in a specific scenario (scenario 1) where we want lms and cms to be accessible exclusively for internal employees via known IPs/subnets.
In other words, allow access to the entire lms and cms websites from a specific IP/subnet AND block traffic originating from any other IP/subnet.

But (scenario 2):

  • They will not be able to block access to a specific lms admin area like: mylms.tld/admin/
  • They will not be able to make lms accessible to everyone (no IP/subnet restrictions) and make lms admin (mylms.tld/admin/) + studio only available to specific IPs/subnets.

Unless I am missing something!
Maybe there is another solution which will be more flexible to suit scenario 2.
Any other thoughts?

Hi @Djas2017! I suggest you create a dedicated plugin for patching the nginx configuration. Feel free to open a pull request if you need additional {{ patch(...) }} statements.
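
An added example, not part of the thread and not Tutor's own configuration: plain nginx rules of the kind such a plugin would have to inject for scenario 2, keeping the LMS public while limiting /admin and Studio to listed addresses. The Studio hostname, the subnets, the upstream names and the front-proxy address are assumptions.

```nginx
# Added example: hostnames, subnets and upstreams are placeholders (http {} context).

# Only when nginx sits behind another proxy or load balancer: take the client
# address from X-Forwarded-For, and only when the peer is that trusted proxy.
# Without this, allow/deny would be evaluated against the proxy's own address.
set_real_ip_from 172.16.0.10;        # constructed address of the front proxy
real_ip_header   X-Forwarded-For;

server {                             # LMS: public, except the admin area
    listen 80;
    server_name mylms.tld;

    location / {
        proxy_set_header Host $host;
        proxy_pass http://lms:8000;  # placeholder upstream
    }

    # ^~ makes this prefix win over regex locations, so none can shadow it.
    location ^~ /admin {
        allow 192.0.2.0/24;          # constructed office subnet
        allow 198.51.100.17;         # constructed single host
        deny  all;                   # everyone else receives 403
        proxy_set_header Host $host;
        proxy_pass http://lms:8000;
    }

    error_page 403 @ip_denied;       # custom message for denied clients
    location @ip_denied {
        default_type text/plain;
        return 403 "Access not allowed. Your IP is not allowed to access this website\n";
    }
}

server {                             # Studio (CMS): listed addresses only
    listen 80;
    server_name studio.mylms.tld;    # placeholder hostname
    allow 192.0.2.0/24;
    allow 198.51.100.17;
    deny  all;

    location / {
        proxy_set_header Host $host;
        proxy_pass http://cms:8000;  # placeholder upstream
    }

    error_page 403 @ip_denied;
    location @ip_denied {
        default_type text/plain;
        return 403 "Access not allowed. Your IP is not allowed to access this website\n";
    }
}
```

Check the syntax with `nginx -t` before reloading, and confirm from an address outside the list that /admin and Studio return the 403 message while the rest of the LMS still loads.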

Thanks @regis for the suggestion.

Are there any existing statements for patching the nginx configuration? Any guidance from you or the community will be much appreciated as I am new to the Tutor and Open edX world!

Following the docs, the list of patch statements can be found by browsing the Tutor source code: Search · GitHub (query: `{{ patch repo:overhangio/tutor path:/tutor/templates`)

Thanks a lot @regis for the follow-up and for the guidance.
I will take a look and share feedback.