vicidial.org

[iboam]

Hi, is there a way to redirect to the ...... valid8.php if ip address is not validated and when validated redirect the user to the main page to login as agent or admin ???

[mflorell]

Not exactly, we do have "Admin -> IP Lists" though, which allows for you to allow/restrict access to the admin, agent and API web services.

[iboam]

Yes i have it like that but im interested for the agent, that sometimes change the ip address maybe find a way that i they try to login and it's a new ip, redirect to the valid8 page and then when validation is done redirect to the main page

[williamconley]

Yes i have it like that but im interested for the agent, that sometimes change the ip address maybe find a way that i they try to login and it's a new ip, redirect to the valid8 page and then when validation is done redirect to the main page

If someone is not on the allowed IP list, they do not have the ability to contact the server at all. This makes a user whose IP has changed the same (from the firewall's standpoint) as chinese bad guys.

The difference between these two groups of people: You have sent a link to your agent. You have not sent a link to China.

So send the link to the valid8.php page instead of the welcome page. Notably, you should also change that valid8.php page to a random 30-character string so "knowing it's vicidial" doesn't allow brute force attacks to valid8.php. This also even allows you (if you want) to create more than one valid8.php page so you can delete any that are exposed or if you determine that there's a bad actor in one of your remote locations.

No reaons why they can't just use the dynamic login all the time.