How to close access to the authorization form?

Hello!
It is necessary to close access to the authorization form for all ip addreses, except for certain ones.

But only the authorisation form, right? External users will still be able to download shared links (which were set to public download)?

That’s an interesting use-case!

As far as I know, you cannot do that easily from within Cells itself (unless you hack the code, there is) — I’m assuming you’re using the Community Edition. But if you are running Cells behind a reverse proxy, it might be possible to do something!

For instance, a quick look at the HTML for the authorisation form shows that it calls frontend/bootconf (among others), allegedly something internally routed to produce the authorisation form (there are more such calls, this is not the only one). What you could do is to set a rule on the reverse proxy to deny all access to such internal links, except for those few exceptions.

Thus, even if someone tries to access the Pydio backoffice page, they will not see the authorisation form, but probably just a blank page with a background image.

Beyond that, I’m afraid that the only alternative would be to hack the templates or possibly even the code…

Yes, I’m writing about the Community Edition. I need to block access to the authorization form from the internet. In nginx I use this scheme:

  location /server-status {
      allow 111.111.111.111;
      allow 11.11.11.11;
            deny all;
  }

there is something similar in Caddy.
Is there any way to transfer these settings to Caddy?

I’m not familiar with Caddy, but the answer most likely is ‘probably yes’.

However, if you’re already using nginx, why don’t you use it instead as a reverse proxy? Then you can apply whatever rules you wish to nginx…

1 Like