On Tue, 11 Sep 2012 13:00:41 -0700, Jim Pazarena roundcube@paz.bz wrote:
I just learned about a cool feature which last pass uses... restrict login to a specific country or countries
It would certainly be a benefit to me to be able to restrict logins (in my case) to canada & us from the individual setup screen per client.
I have seen multiple instances of spam injection into roundcube via a hacked client. Always by a foreign country 'hacker'.
RoundCube is the wrong place to implement host controls. If you want to do this at the HTTP level, you can do it in Apache. Certain originating IP's can be blocked from accessing the application entirely. You can redirect them to a static page which informs the user that access is not allowed from that place of origin.
More strongly than that, you can do the filtering in iptables right in your kernel, so that the connection requests can reach your machine, but are never seen by Apache. Or right in your network's router, so that the offenders are stopped right at your doorstep.
I have a whole ton of iptables rules that ban various IP blocks. Many of them in China and other places. The server simply appears as a black hole for all packets.
Here is an example entry in my iptables save/restore file which blocks a range of IP addresses:
-A INPUT -m iprange --src-range 125.64.0.0-125.71.255.255 -i eth0 -p tcp -m tcp --dport 25 -j DROP
That particular netblock has been a source of spam connections to my mail server. I don't block everything, just TCP port 25. But of course everything could be blocked like this:
-A INPUT -m iprange --src-range 125.64.0.0-125.71.255.255 -i eth0 -j DROP