Prevent admin login from everywhere

10 years 9 months ago #114871 by htwsaar
I try to secure the actual limesurvey installation.

Our German office for data security wants us to prevent administrative logins from the outside.

.htaccess is not helpful because it just blocks mydomain.tld/admin and not the actual and well known link for login in the role of admin.

Can someone help if there is an easy way by editing the index.php in the main folder, for example?
I would make that change after every future update.

Has someone else had the same problem / idea?

Thank you
The topic has been locked.
10 years 8 months ago #115173 by htwsaar
I found a way that fits my requirements.

My solution is made with php. I just need to check the changes after every update.
10 years 8 months ago #115179 by holch
Isn't it possible to block the "well known" URL via .htaccess as well?

Help us to help you!
  • Provide your LS version and where it is installed (own server, uni/employer, SaaS hosting, etc.).
  • Always provide a LSS file (not LSQ or LSG).
Note: I answer at this forum in my spare time, I'm not a LimeSurvey GmbH employee.
10 years 8 months ago #115182 by htwsaar
Since we are only allowed to use a few .htaccess directives, this would not be a solution for us.
6 years 11 months ago #173304 by sicoda_limesurvey
Hi, this question is 3 years old, but would you give us a hint what you changed in PHP?
6 years 11 months ago #173311 by DenisChenu
Can't it be done in www.limesurvey.org/manual/Authentication...elopment#beforeLogin?

Quick solution: set up LimeSurvey so it is accessible on 2 domains: one with example.intra, the other with example.org

And something like: if ($_SERVER != "example.intra") { throw 401; }

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member. - Professional support - Plugins, theme and development .
I don't answer to private message.
6 years 11 months ago #173430 by htwsaar

sicoda_limesurvey wrote: Hi, this question is 3 years old, but would you give us a hint what you changed in PHP?


Here is my simple solution:
This works for large ip ranges. By changing the substring you can identify single IPs.
Private unrouted IP ranges would also work (like '192.168').



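# Login into admin GUI only for dedicated IP addresses
# in file /application/controllers/admin/authentication.php

# Client address; the 'REMOTE_ADDR' key is assumed, the post shows only $_SERVER.
$IPRANGE = substr($_SERVER['REMOTE_ADDR'], 0, 7);

switch ($IPRANGE) {
    case "XXX.XXX":   # first allowed prefix (7 characters)
        break;
    case "YYY.YYY":   # second allowed prefix
        break;
    default:
        # any other address: stop the request here
        die('Admins only area!<br />');
}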
The topic has been locked.