From 2afa3aa1ad70009c50af850ddd89f12685935e99 Mon Sep 17 00:00:00 2001 From: svetlana maleeva Date: Tue, 16 May 2023 18:40:03 +0300 Subject: [PATCH 1/3] Add new article docs-configure-ipfilter.aspx --- Web/Controls/Help/Installation/Docs.ascx | 3 + .../Help/Installation/DocsCommunity.ascx | 1 + .../Help/Installation/DocsDeveloper.ascx | 1 + .../Help/Installation/DocsEnterprise.ascx | 1 + .../Help/Installation/Installation.ascx | 3 + .../ConfigureIPFilter/ConfigureIPFilter.ascx | 78 +++++++++++++++++++ Web/installation/docs-configure-ipfilter.aspx | 20 +++++ 7 files changed, 107 insertions(+) create mode 100644 Web/Controls/Help/Server/Document/ConfigureIPFilter/ConfigureIPFilter.ascx create mode 100644 Web/installation/docs-configure-ipfilter.aspx diff --git a/Web/Controls/Help/Installation/Docs.ascx b/Web/Controls/Help/Installation/Docs.ascx index 59a1af7ea..7babe00d2 100644 --- a/Web/Controls/Help/Installation/Docs.ascx +++ b/Web/Controls/Help/Installation/Docs.ascx @@ -48,6 +48,7 @@
  • ">Connecting Amazon S3 bucket as a cache to ONLYOFFICE Docs
    • +
  • ">Configuring IP filter for ONLYOFFICE Docs
  • System requirements
    @@ -163,6 +164,7 @@
  • ">Connecting Amazon S3 bucket as a cache to ONLYOFFICE Docs
    • +
  • ">Configuring IP filter for ONLYOFFICE Docs
  • System requirements
    @@ -270,6 +272,7 @@
  • ">Connecting Amazon S3 bucket as a cache to ONLYOFFICE Docs
    • +
  • ">Configuring IP filter for ONLYOFFICE Docs
  • Developing
    diff --git a/Web/Controls/Help/Installation/DocsCommunity.ascx b/Web/Controls/Help/Installation/DocsCommunity.ascx index f783ba7bb..441039d07 100644 --- a/Web/Controls/Help/Installation/DocsCommunity.ascx +++ b/Web/Controls/Help/Installation/DocsCommunity.ascx @@ -46,6 +46,7 @@
  • ">Connecting Amazon S3 bucket as a cache to ONLYOFFICE Docs
    • +
  • ">Configuring IP filter for ONLYOFFICE Docs
  • System requirements
    diff --git a/Web/Controls/Help/Installation/DocsDeveloper.ascx b/Web/Controls/Help/Installation/DocsDeveloper.ascx index e589189d8..62476265c 100644 --- a/Web/Controls/Help/Installation/DocsDeveloper.ascx +++ b/Web/Controls/Help/Installation/DocsDeveloper.ascx @@ -39,6 +39,7 @@
  • ">Configuring ONLYOFFICE Docs Developer Edition
  • ">Connecting Amazon S3 bucket as a cache to ONLYOFFICE Docs
    • +
  • ">Configuring IP filter for ONLYOFFICE Docs
  • Developing
    diff --git a/Web/Controls/Help/Installation/DocsEnterprise.ascx b/Web/Controls/Help/Installation/DocsEnterprise.ascx index 63f526398..714f28dcd 100644 --- a/Web/Controls/Help/Installation/DocsEnterprise.ascx +++ b/Web/Controls/Help/Installation/DocsEnterprise.ascx @@ -38,6 +38,7 @@
  • ">Connecting Amazon S3 bucket as a cache to ONLYOFFICE Docs
    • +
  • ">Configuring IP filter for ONLYOFFICE Docs
  • System requirements
    diff --git a/Web/Controls/Help/Installation/Installation.ascx b/Web/Controls/Help/Installation/Installation.ascx index 26987346b..65db8ac16 100644 --- a/Web/Controls/Help/Installation/Installation.ascx +++ b/Web/Controls/Help/Installation/Installation.ascx @@ -465,6 +465,7 @@
  • ">Connecting Amazon S3 bucket as a cache to ONLYOFFICE Docs
    • +
  • ">Configuring IP filter for ONLYOFFICE Docs
  • System requirements
    @@ -579,6 +580,7 @@
  • ">Connecting Amazon S3 bucket as a cache to ONLYOFFICE Docs
    • +
  • ">Configuring IP filter for ONLYOFFICE Docs
  • System requirements
    @@ -686,6 +688,7 @@
  • ">Configuring ONLYOFFICE Docs Developer Edition
  • ">Connecting Amazon S3 bucket as a cache to ONLYOFFICE Docs
    • +
  • ">Configuring IP filter for ONLYOFFICE Docs
  • Developing
    diff --git a/Web/Controls/Help/Server/Document/ConfigureIPFilter/ConfigureIPFilter.ascx b/Web/Controls/Help/Server/Document/ConfigureIPFilter/ConfigureIPFilter.ascx new file mode 100644 index 000000000..3282ef61e --- /dev/null +++ b/Web/Controls/Help/Server/Document/ConfigureIPFilter/ConfigureIPFilter.ascx @@ -0,0 +1,78 @@ +<%@ Control Language="C#" Inherits="BaseContentUserControls"%> +<%@ Register Namespace="TeamLab.Controls" Assembly="__Code" TagPrefix="cc" %> + + + +
    +

    Configuring IP filter for ONLYOFFICE Docs

    + +
    +
      +
      • +
      • +
      • +
    +
    +
    +

    You can configure IP filter for ONLYOFFICE Docs.

    +

    The IP filter settings are stored in the ONLYOFFICE Docs configuration file: /etc/onlyoffice/documentserver/default.json. They look like this:

    +
    "ipfilter": {
+       "rules": [
+         {
+           "address": "162.243.205.250",
+           "allowed": true
+         },
+         {
+           "address": "*",
+           "allowed": false
+         }
+       ],
+       "useforrequest": false,
+       "errorcode": 403
+     }
+
    +

    A rule consists of two parts: the host name and the allowed rule itsef which has the true of false value. By default, one rule exists: address * allowed true.

    +

    An address can be specified in the following ways:

    +
      +
    • An IP address in the X.X.X.X format for ipv4.
      • +
    • An IP address in the xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx format for ipv6.
      • +
    • A DNS name.
      • +
    +

    It's also possible to use the * wildcard character. It replaces any character any number of times.

    +

    The host name in links is checked as a DNS address at first, if it does not match any rule, the IP address is found by the name and the check is performed once again.

    +
    ImportantIf the "useforrequest": true check is enabled, the address parameter must be specified as an IP address, not a DNS name.
    +

    "useforrequest": true/false

    +

    By default, the useforrequest parameter is set to false. In this case, the text URLs which come to ONLYOFFICE Docs as parameters are checked:

    + +

    If the useforrequest parameter is set to true (not recommended), the client IP address in the following http requests is additionally checked:

    +
      +
    • coauthoring/CommandService.ashx
      • +
    • ConvertService.ashx
      • +
    • converter
      • +
    • FileUploader.ashx
      • +
    • healthcheck
      • +
    • docbuilder
      • +
    • info/info.json
      • +
    • internal/cluster/inactive
      • +
    • hosting/discovery
      • +
    • hosting/capabilities
      • +
    • lool/convert-to/:format?
      • +
    • dummyCallback
      • +
    +

    For these requests, an error is returned with the code specified in the errorcode parameter.

    +
    ImportantOnly the IP address of the storage that ONLYOFFICE Docs can see (taking into account the x-forwarded headers) is checked. +

    E.g., if ONLYOFFICE Docs and the test example are installed on the same machine, the client IP address will be the address of the internal network. ONLYOFFICE Docs can't find out the host of the client, so it's not possible to use a DNS name in the address field with this setting. It's recommended to leave this setting with the default value and perform checks at the proxy level.

    +
    +
    +
    \ No newline at end of file diff --git a/Web/installation/docs-configure-ipfilter.aspx b/Web/installation/docs-configure-ipfilter.aspx new file mode 100644 index 000000000..74155407e --- /dev/null +++ b/Web/installation/docs-configure-ipfilter.aspx @@ -0,0 +1,20 @@ +<%@ Page Title="" Language="C#" MasterPageFile="~/Masters/InstallationGuides/InstallationDocsArticles.master" %> +<%@ Register Namespace="TeamLab.Controls" Assembly="__Code" TagPrefix="cc" %> + + + + + + + + + + +
    + + \ No newline at end of file From 142093093938c89df6e35f561e4c6aa231f5fee6 Mon Sep 17 00:00:00 2001 From: svetlana maleeva Date: Wed, 17 May 2023 11:04:37 +0300 Subject: [PATCH 2/3] Minor text fix --- .../Server/Document/ConfigureIPFilter/ConfigureIPFilter.ascx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Web/Controls/Help/Server/Document/ConfigureIPFilter/ConfigureIPFilter.ascx b/Web/Controls/Help/Server/Document/ConfigureIPFilter/ConfigureIPFilter.ascx index 3282ef61e..57aefb8df 100644 --- a/Web/Controls/Help/Server/Document/ConfigureIPFilter/ConfigureIPFilter.ascx +++ b/Web/Controls/Help/Server/Document/ConfigureIPFilter/ConfigureIPFilter.ascx @@ -38,7 +38,7 @@ "errorcode": 403 } -

    A rule consists of two parts: the host name and the allowed rule itsef which has the true of false value. By default, one rule exists: address * allowed true.

    +

    A rule consists of two parts: the host name and the allowed rule itself which has the true of false value. By default, one rule exists: address * allowed true.

    An address can be specified in the following ways:

    • An IP address in the X.X.X.X format for ipv4.
      • From 06c41a34ab2b7906c34f80095648590f324acb8b Mon Sep 17 00:00:00 2001 From: svetlana maleeva Date: Thu, 18 May 2023 14:53:41 +0300 Subject: [PATCH 3/3] Fix ConfigureIPFilter.ascx --- .../Server/Document/ConfigureIPFilter/ConfigureIPFilter.ascx | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Web/Controls/Help/Server/Document/ConfigureIPFilter/ConfigureIPFilter.ascx b/Web/Controls/Help/Server/Document/ConfigureIPFilter/ConfigureIPFilter.ascx index 57aefb8df..bd3efe544 100644 --- a/Web/Controls/Help/Server/Document/ConfigureIPFilter/ConfigureIPFilter.ascx +++ b/Web/Controls/Help/Server/Document/ConfigureIPFilter/ConfigureIPFilter.ascx @@ -26,7 +26,7 @@ 
      "ipfilter": {
        "rules": [
          {
-           "address": "162.243.205.250",
+           "address": "ip_address",
            "allowed": true
          },
          {
@@ -38,7 +38,8 @@
        "errorcode": 403
      }
      -

      A rule consists of two parts: the host name and the allowed rule itself which has the true of false value. By default, one rule exists: address * allowed true.

      +
      If you change the parameters in the default.json file, all the changes will be lost after the ONLYOFFICE Docs update or Docker container restart. To ensure that your changes persist after the update, please edit the /etc/onlyoffice/documentserver/local.json file preserving the structure.
      +

      A rule consists of two parts: the host name and the allowed rule itself which has the true of false value. By default, one rule exists: address * allowed true.

      An address can be specified in the following ways:

      • An IP address in the X.X.X.X format for ipv4.