Trying to add IPConfig rule breaks Magnolia admin

[Sebastian Kleine]

Hello

Tried to add a Magnolia IPConfig rule on the public system according to https://docs.magnolia-cms.com/product-docs/6.2/Administration/Security/IP-and-HTTP-permissions.html

The description says "To create a rule:" 

1. Add a content node in ...

Tried this and immediatly got logged out and the admin panel is not working any longer. I did not even get to the second point of adding ip and methods properties. It just doesn't let me do anything. So just adding an empty content node seems to break the IPConfig filter completly.

[Sebastian Kleine]

A quick way to recover if done on the public system is to publish the whole /server/IPConfig from the Author system (including subnodes).

[Sebastian Kleine]

And how can you disallow a certain ip adress or range? I added one and this ip adress can still access the webpage

[Richard Gange]

Hey Sebastian, thanks for reporting the problem. I looked into it and I think the problem was introduce with this change https://jira.magnolia-cms.com/browse/MAGNOLIA-7957. By simply adding a content node it throws a null pointer because of a missing property. It's been recorded as https://jira.magnolia-cms.com/browse/MAGNOLIA-8704. I think the better approach is to duplicate the "allow-all" node first and then reconfigure the properties. 

To disallow a certain ip address or range you need to have a / in the config. This is what triggers the condition. See this line https://git.magnolia-cms.com/projects/PLATFORM/repos/main.pub/browse/magnolia-core/src/main/java/info/magnolia/cms/security/IPSecurityManagerImpl.java?at=refs%2Ftags%2Fmagnolia-6.2.27#101

HTH

Rich

[Adrian Brooks]

Hello Sebastian,

Thank you very much for sharing this bug. We've created a bug report to fix the issue: https://jira.magnolia-cms.com/browse/MAGNOLIA-8704.

Best, Adrian