|If you need per-page or partial page access restrictions, you are advised to install an appropriate content management package. MediaWiki was not written to provide per-page access restrictions, and almost all hacks or patches promising to add them will likely have flaws somewhere, which could lead to exposure of confidential data. We are not responsible for anything being leaked, leading to loss of funds or one's job.
For further details, see Security issues with authorization extensions
Release status: experimental
|Implementation||User identity, User rights|
|Description||Allows you to authenticate users based on network information|
|Last version||1.0 (19 December 2007)|
|License||No license specified|
|Check usage and version matrix|
NetworkAuth extension is intended to basically bind a username to a particular network address. The reason it was developed was to grant read access to a particular subnet on a Wiki that denied read access to anonymous users. The assumption is that there are certainly times when Physical security is enough to allow access to certain resources.
In this extension, IP ranges, IP regex patterns, or hostname patters are associated with a MediaWiki username. It is reccommended that you create an account specifically for this purpose. Multiple ranges/patterns can be associated with multiple users.
NOTE: Hostpatterns are relatively unreliable. Use at your own risk - often the lookup times out and you won't get a match.
- Create a new folder (directory) in the following location:
- Download the extension
- Copy the files in to the new NetworkAuth folder
- Add the following code to your LocalSettings.php (at the bottom)
- NOTE - settings for $wgNetworkAuthUsers are EXAMPLES ONLY!
require_once( "$IP/extensions/NetworkAuth/NetworkAuth.php" ); $wgNetworkAuthUsers = array( 'iprange' => array('10.1.10.0/24', '10.2.10.152/32'), 'user' => 'CircComputer'); $wgNetworkAuthUsers = array( 'ippattern' => '/10\.1\.10\..*/', 'user' => 'RefComputer'); $wgNetworkAuthUsers = array( 'hostpattern' => '/.*\.domain\.example\.com/i', 'user' => 'AdminComputer');
- Follow Installation Instructions
- Users connecting from the specified network ranges will be authenticated (sort of) as the user associated with that range.