Allow to specify list of IPs in a body on maintenance.flag which will be granted access even if the flag is on #454
Conversation
… be granted access even if the flag is on
|
Great idea for a PR, Tim! Assuming that this is useful to others (I'm certain it is), I'd like to see the concept abstracted. Ideally we have a mechanism of whitelisting which is a bit more open to implementation, so that the provider of the whitelist is not just raw text via core PHP methods. Further, it's an unnecessary risk to store these "important" IPs in a plain-text format which will be served by the web server (not sure if this applies to pub-compiled instances or not ATM). Perhaps this PR should be modified to include an "allowed IPs" PHP file, and the |
|
What would you say about storing IPs in environment variable (SetEnv/fastcgi_param)? Should be the safest. |
|
It's certainly an approach, and one which is in keeping with the usage of environment variables in the bootstrap/initialization phase of the app. The application of this is clunky as hell though: Also, I've run into some "fun" and not-unknown issues regarding environment variables set dynamically in Apache, so I'm a bit wary of this approach. |
|
I think we shouldn't have relation with IPs. I think we should make ability set in .htaccess (or virtual host section) secret key, and when user go to our website with get param ?secret={my_secret_from_htaccess} we should create special cookie for them and grant access for them. |
|
@igor-svizev what is the benefit over IPs approach? |
|
@tim-bezhashvyly we can have load balancer, and in some cases we may have load balancer ip. Also admin user may be under NAT, so we may grand access not only from that user. |
|
@igor-svizev can you illuminate a little bit regarding load balancer? How the IP based approach can harm it? |
|
|
|
@igor-svizev but in this case of such wrong configuration of balancing server all functionality base on |
|
@benmarks updated. Moved IPs declaration to app/etc/allowed_ips.xml. Details in pull request description. Please let me know what do you think. |
|
I think this is something nice, but nothing which belongs into magento itself. The index.php is an entry point, and should be as simple as possible and should only contain really needed configuration. maintenance is a very company specific process and strongly depends on eventual loadbalancers and server configurations. My personal point where Iam afraid: you have to fight the opcache for switches between On and Off and for changes on the allowed IPs |
|
@Flyingmana with such an approach you can remove 50% of Magento functions. If due to some configuration IP restriction will not work for you just don't use it. I completely agree that front end controller has to be as clean as possible but there is no other way to plug this functionality in. And it is just couple of lines. |
|
Guys, I've read your discussions here. While I'm totally agree that "allowed IPs in the maintenance mode" is a great idea. I don't see that we have come to the agreement how to add this to Magento 2 core. is everybody fine with the latest approach that @tim-bezhashvyly suggested? |
|
I like the approach of @tim-bezhashvyly so far if the decision is that Magento itself will handle maintenance. There's also a point at @Flyingmana that maintenance should not be handled by Magento as it's probably really something company/instance specific, but then the whole maintenance.flag implementation can be removed. So there's no point in rejecting this pull request for that. And if someone doesn't know his ips, cannot configure a loadbalancer and adds the loadbalancers ip to the allowed-ips list, then he anyway has some bigger problems. ;) So, be happy that someone is pushing a good extension here. <3 |
|
sorry Tim. this is a great idea but reaolving an IP is never reliable and having maintenance disabled for accessing remote magento by some ip is more a missing development instance than needed functionality. |
|
@igor-svizev is right. We also have troubles with the IP addresses within our AWS network. IPs are too inconsistent. I would like to propose a HTTP Header Flag like the guys from theguardian.com did it. AFAIK it should be much easier to forward a HTTP Header.
Sure it is more config work on client side to gain access via a HTTP Header ... |
|
I agree that blocking everybody isn't useful. If you put a store in maintenance mode the change is high that the developers want to access the store (backend or frontend). We don't use the maintenance flag but use htaccess to show maintenance pages to customers. For us the IP-based access restriction is good enough but I'd be OK with alternatives (HTTP Header Flags, special cookies, ...). |
* Cache: * Implemented depersonalization of private content generation * Implemented content invalidation * Added Edge Side Includes (ESI) support * Added a built-in caching application * GitHub requests: * [#454](#454) -- Allow to specify list of IPs in a body on maintenance.flag which will be granted access even if the flag is on * [#204](#204) -- Mage_ImportExport: Exporting configurable products ignores multiple configurable options * [#418](#418) -- Echo vs print * [#419](#419) -- Some translation keys are not correct. * [#244](#244) -- Retrieve base host URL without path in error processor * [#411](#411) -- Missed column 'payment_method' of table 'sales_flat_quote_address' * [#284](#284) -- Fix for Issue #278 (Import -> Stores with large amount of Configurable Products) * Fixed bugs: * Fixed an issue where Mage_Eav_Model_Entity_Type::fetchNewIncrementId() did not rollback on exception * Fixed an issue where a category containing more than 1000 products could not be saved * Fixed inappropriate error messages displayed during installation when required extensions were not installed * Fixed synopsis of the install.php script * Fixed an issue where the schedule of recurring payments was not displayed in the shopping cart * Modularity improvements: * Introduced the OfflinePayments module - a saparate module for offline payment methods * Added the ability to enable/disable the Paypal module * Moved the framework part of the Locale functionality from the Core module to library * The Locale logic was split among appropriate classes in library, according to their responsibilities * Removed the deprecated DHL functionality * Introduced the OfflineShipping module for offline shipping carrier functionality: Flatrate, Tablerate, Freeshipping, Pickup * Introduced a separate module for the DHL shipping carrier * Introduced a separate module for the Fedex shipping carrier * Introduced a separate module for the UPS shipping carrier * Introduced a separate module for the USPS shipping carrier * Framework Improvements: * Added the ability to intercept internal public calls * Added the ability to access public interface of the intercepted object * Added a static integrity test for plugin interface validation * Added support for both class addressing approaches in DI: with and without slash ("\") at the beginning of a class name * Customer Service usage: * Refactored the Customer module blocks and controllers to use customer service layer * Security: * Introduced the ability to hash a password with a random salt of default length (32 chars) by the encryption library * Utilized a random salt of default length for admin users, and frontend customers
|
@tim-bezhashvyly, we have processed your pull request. The code has been released in version dev68. We will also add information on using maintenance.flag and the list of IP addresses to the documentation. So far, please add IP addresses separated with comma directly to the maintenance.flag file. |
[Falcons] Bug fixes for Import/Export, Travis
CABPI-409: "After" test action is missed in CallbackWithoutCodeRedirectsToAdminLoginTest
This is a new functionality allowing to specify list of IPs which will be granted access to the website even if maintenance flag is on.
The IPs just has to be specified in the
app/etc/allowed_ips.xmlfile. The format of the file has to be the following:The names of nodes doesn't matter. The just has to be one root node and then each IP has to be stored in a child node with the same tag.
This functionality can be useful for release processes when the developer needs to make sure that the website is running as it should while general public is not able to access the website. Another use case can be the occasion when the problem critical is found on production website and seems to be a server specific. In this case developer will be able to put the maintenance flag but still access the website by himself in order to trace the problem.
The implemented feature is not covered with tests as "maintenance.flag" related functionality is not covered in stock.
There is no XML validation implemented. The
allowed_ips.xmlis supposed to be a valid XML file. If file doesn't exits the script will just move on considering there are no allowed IPs.