Plugin to exclude the webmaster based on IP or IP range

[matt]

We want to be able to exclude a list of IPs, and/or a list of IP ranges (using *.*.123.34 notation) from being tracked by Piwik.

The list of IPs to exclude would be stored in the website cache file (where goals and alias URLs are stored).

In the UI, the feature should be available

• general exclusion list (only available to the super user): would apply to all website registered in Piwik, would need their own cache file (that applies to all websites)
• for each website, we can define a list of IPs. All IPs in this list + in the general list are checked at each Piwik request.

As an inline help, the UI would show the user current IP that he could copy paste in the list.

The UI would call the API in JSON (like the existing screens).

The UI for this feature should be designed to be part of a "preference page" for a website, as we need to add several new preferences for each website: #41, #42, #43, #56. Ideally, all the UI would be ajax (very quick to go from the list of websites in the admin UI, to load one website details page, to come back to the list of websites).

Outstanding question: should it be in the SiteManager plugin, or a new plugin? Should it be part of the core (to minimize overhead of loading plugins at Tracker time...)

[vipsoft]

There's a special case where the IP (or IP range) to be excluded falls within these reserved ranges:

• 10.0.0.0 - 10.255.255.255
• 172.16.0.0 - 172.31.255.255
• 192.168.0.0 - 192.168.255.255

I'm going to roll the requirements in from #567. Visitors with HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR, IP addresses in the private IP address ranges should instead use the first public address in the list, falling back to $_SERVER['REMOTE_ADDR'].

Also, it looks like there are a couple of unreachable codepaths in the current implementation of getIp() which should be reviewed.

[vipsoft]

In  http://forum.piwik.org/index.php?showtopic=1540 there's a mod to Provider to map local IP addresses to internal "provider" names, eg "net1", "net2", ...

[matt]

this has become by far the most requested feature - receiving messages twice a day asking for this feature. We should push it in the product.

[matt]

(In [1970]) Fixes #43 - modify websites admin UI, API to add a column Exclude IPs - IPs contain wildcards, unlimited IPs per website - below the website table, added a "Global IP exclude" list. Ips there are excluded from all websites automatically. - IPs are stored in the tracker cache file for fast access at Tracking time. - added new field in website table "excluded_ips" - refactored the ajax loading/error display to allow multiple loading/error div per page

[matt]

Known limitations

• does not work with IPv6 addresses
• I haven't researched the getIpString() function as explained by Anthon in #comment:10 - feel free to pick it up from there

[vipsoft]

I see the code uses ip2long() and <= => for comparisons. This smells like a latent bug. Since longs are signed, we have to make sure IPs in the range of 128.0.0.0-255.255.255.255 are handled correctly. Re-opening so we can add isVisitorIpExcluded() testable via unit tests.

re: #comment:10, I've re-opened #567.

[matt]

ouch you're right, thanks for the review!

[matt]

(In [1972]) Fixes #43 Adding tests that prove that the code was working as expected (I got lucky :) the IP 255.255.255.* is stored in the config file as:

array (

0 => -256, 1 => -1,

),

which passes the test >= && <= as expected

[vipsoft]

(In [1977]) refs #43 - getIp() returns a stringified, unsigned number; changed unit test to match getIp()'s behaviour; SitesManager converts min/max to non-negative numbers