Nội dung
DirectAdmin supports custom scripts that allow Limit IP according to the list of IPs that have allowed access for users.
Overview
In this article, the support script is quite good for some fields that are much more internal. For the information to work well and with high security, it will list the IPs into a list of IPs that will be allowed access.
IPs added to ip_list.txt will be allowed access, IPs not in ip_list.txt will be denied access => Limit IP according to IP list. Every time you log in, check that the file ip_list.txt matches the IP in ip_list.txt that will be accessed.
To get a fixed IP to access, I need to provide Wan IP information for the ISP to administrate in ip_list.txt
Note: I provide a fixed static IP for long-term and stable operation.
Steps to perform Limit IP based on DirectAdmin IP list
Step 1: Create a Limit IP script based on the IP list
First, you go to custom at /usr/local/directadmin/scripts/custom/ and create a new file login_pre.sh with the touch command:
cd /usr/local/directadmin/scripts/custom/
vi login_pre.sh
chmod 700 login_pre.sh
The Limit IP script follows the IP list for DirectAdmin below:
#!/usr/local/bin/php
<?php
$user = getenv('username');
$ip = getenv('ip');
$ip_list = "/usr/local/directadmin/scripts/custom/ip_list.txt";
if ($user == 'demo_user' || $user == 'demo_reseller' || $user == 'demo_admin')
{
//not worried about demos
exit(0);
}
$lines = file($ip_list);
foreach ($lines as $ip_val)
{
$ip_val = trim($ip_val); //remove trailing newlines
if ($ip == $ip_val)
{
exit(0);
}
}
echo "Invalid IP";
# thông báo Invalid IP khi check IP không khớp với file ip_list.txt
ở log
exit(1);
?>
Step 2: Create a list of Limit IP
Now create a Limit IP list according to the list of IP DirectAdmin is allowed to access.
cd /usr/local/directadmin/scripts/custom/
vi ip_list.txt
# thêm ip vào ip_list.txt sẽ được phép login vào directadmin
Create a custom folder in templates if not already with the mkdir command below:
mkdir -p /usr/local/directadmin/data/templates/custom
cd /usr/local/directadmin/data/templates/custom
cp ../edit_files.txt .
echo "/usr/local/directadmin/scripts/custom/ip_list.txt=user=root&group=root&permission=600&secure=yes" >> edit_files.txt
Step 3: Update script Limit IP based on DirectAdmin IP list
Next, please Update the script Limit IP based on the DirectAdmin IP list to take effect. You access custombuild and build update_script with the following command:
cd /usr/local/directadmin/custombuild
./build update_script
Then you need rewrite_confs. This step is quite important, you need to rebuild the templates for the update script to complete.
cd /usr/local/directadmin/custombuild
./build rewrite_confs
Step 4: Check the Limit IP script based on the IP list
To check if the Limit IP script according to the IP list is valid or not, please log in to check it. In particular, get the IP outside the ip_list.txt list to know if you can log in or not, and then recheck the access log.
tail /var/log/directadmin/error.log
tail /var/log/directadmin/login.log
Check the log, the IPs outside ip_list.txt will not be accessible => so you have succeeded.
Summary
Hopefully, this article will help you strengthen your internal system security with DirectAdmin from the Limit IP based on the IP list.
Wishing you success. See more useful articles about DirectAdmin at the following link:
If you need assistance, you can contact support in the ways below:
- Hotline 247: 028 888 24768 (Ext 0)
- Ticket/Email: You use the email to register for the service and send it directly to: support@azdigi.com .
