Reputation: 3324
Is this admin area protection technique in my CodeIgniter admin controller only for one ip address good?
I would like to protect my admin section but I am not sure if something like php if ip condition in construct of my Admin controller is enough.
I have all my files out of the root so only assets like images, css , js and index is available if ddos will be successful. Which is ok.
However, is condition like this enough for protecting my admin area?
Begining of my Admin class controller:
class Admin extends CI_Controller {
function __construct()
{
parent::__construct();
if ($this->input->ip_address() != '127.0.0.1')
{
redirect('/');
}
if (!$this->session->userdata('logged_in_admin') )
{
redirect('admin/login');
}
}
...
Is this security check of my own IP address 127.0.0.1 - just as an example ;) ) enough?
Can this be broken? If yes how?
Upvotes: 1
Views: 393
Answers (1)
Reputation: 944054
I wouldn't recommend it. IP addresses can be shared, reallocated and possibly spoofed.
It is also a system that lacks flexibility. Your Internet connection is down and you need to access the admin area from a mobile connection? Need to grant permission to another user? You have to get access to the source and rewrite the permissions system.
Upvotes: 1
Related Questions
- white list ip address for admin access
- restrict codeigniter admin panel ip address
- Restrict Access to Magento Admin Area in Nginx by IP
- Codeigniter: is it still safe to set sess_match_ip to FALSE
- Is this a good way for separating admin and public for my application in Codeigniter?
- Codeigniter Restrict Admin Page via URL
- Codeigniter 2.1 - Security for the admin part of the web site
- Banned IPs check before anything else in CodeIgniter
- ip whitelisting or run admin system locally only
- PHP 5 - Securing an admin area of a site