transfer.sh icon indicating copy to clipboard operation
transfer.sh copied to clipboard
verified publisher icon dutchcoders

Feature: skip auth from specific IP

Open michaelscl opened this issue 3 years ago • 6 comments

Hi,

We use the service to exchange files between customers. It would make the work easier to not require upload authentication when accessing from defined IPs.

What do you think?

best regards

Michaels

michaelscl avatar Aug 19 '22 19:08 michaelscl

@michaelscl I see some value indeed, while I'm not sure about the extra complexity in configuration

just an idea at infra level: have you thought about hosting two instances pointing at the same storage, one with and one without upload authentication, and route to the second from the IPs you'd like to whitelist?

paolafrancesca avatar Aug 20 '22 13:08 paolafrancesca

have you thought about hosting two instances pointing at the same storage, one with and one without upload authentication, and route to the second from the IPs you'd like to whitelist?

hello @michaelscl where you able to try this solution?

paolafrancesca avatar Aug 31 '22 06:08 paolafrancesca

@aspacca nice idea, I will give it a try

toastie89 avatar Sep 07 '22 17:09 toastie89

@aspacca, thanks for the workaround! Having one container with HTTP_AUTH_USER and another with IP_WHITELIST pointing both to the same storage works fine.

toastie89 avatar Sep 08 '22 08:09 toastie89

@aspacca Yes, this is a partial solution for me. For the convenience of uploading from our lan, I didn't want to use HTTP_AUTH at all. I use the program through a reverse proxy and sometimes I have a problem with HTTP_AUTH - the login window doesn't pop up and it shows an error.

michaelscl avatar Sep 08 '22 20:09 michaelscl

@michaelscl as I said my main concern was about complexity of the configuration.

I think a solution migth be to add NO_HTTP_AUTH_FROM_WHITELIST

paolafrancesca avatar Sep 12 '22 02:09 paolafrancesca

@michaelscl do you think the provided solution at infra level is satisfying?

I will look into adding NO_HTTP_AUTH_FROM_WHITELIST in case

paolafrancesca avatar Dec 22 '22 09:12 paolafrancesca

@michaelscl do you think the provided solution at infra level is satisfying?

I think YES, if the implementation is easy.

michaelscl avatar Dec 22 '22 20:12 michaelscl

I think YES, if the implementation is easy.

I was talking about this solution:

have you thought about hosting two instances pointing at the same storage, one with and one without upload authentication, and route to the second from the IPs you'd like to whitelist?

paolafrancesca avatar Dec 23 '22 00:12 paolafrancesca

have you thought about hosting two instances pointing at the same storage, one with and one without upload authentication, and route to the second from the IPs you'd like to whitelist?

Yes, but this is such a noodle solution. As I wrote. This whole thing is just a suggestion. It's up to you if you decide to implement it or not.

michaelscl avatar Dec 23 '22 15:12 michaelscl

@michaelscl #538 in the case an IP already passed the IP filters authorise automatically for upload

not sure how useful it is. if you currently use the ip filter but you still set an http auth it means you want to differentiate two sets of ip filter lists: the one for get request and the one for upload requests

indeed I'm going to refactor the code in PR and provides a separated http auth ip filter lists because it is the only thing that makes sense

paolafrancesca avatar Mar 12 '23 03:03 paolafrancesca