Version 3.0.1
July 21, 2024
Added
- Allow `enabled` to be set using a callback function in config files.
Changed
- Update English translations.
Fixed
- Fix multi-site protected/unprotected URLs not being honoured.
- Fix an error when trying to determine multi-site plugin settings for installs where no primary site exists yet.
Version 3.0.0
May 13, 2024
Changed
- Now requires PHP `8.2.0+`.
- Now requires Craft `5.0.0+`.
Version 2.0.12
July 21, 2024
Added
- Allow `enabled` to be set using a callback function in config files.
Changed
- Update English translations.
Fixed
- Fix multi-site protected/unprotected URLs not being honoured.
Version 2.0.11
November 9, 2023
Changed
- Action request endpoints are now no longer protected.
Fixed
- Fix too-early call on `User::getIdentity()` when plugin is disabled, for better performance.
Version 2.0.10
June 5, 2023
Fixed
- Fix an error when checking the enabled state of the plugin.
Version 2.0.9
May 27, 2023
Added
- Add `Cache-Control` headers when redirecting.
Fixed
- Fix an incorrect check for enabled state for multi-site installs.
Version 2.0.8
March 2, 2023
Fixed
- Fix `unprotectedUrls` as a config option not working correctly.
Version 2.0.7
January 18, 2023
Changed
- Only admins are now allowed to access plugin settings.
Fixed
- Fix Protected URLs/Unprotected URLs not working correctly for multiple values when set via the control panel.
Version 2.0.6
December 10, 2022
Added
- Add `enableCpProtection` plugin setting.
Fixed
- Fix login challenge when accessing the control panel.
Version 2.0.5
November 16, 2022
Fixed
- Fix an error introduced in 2.0.4.
Version 2.0.4
November 15, 2022
Added
- Add support for Cloudflare remote IP checking.
- Add support to block CP-based pages, not just site-based requests.
Version 2.0.3
October 19, 2022
Fixed
- Fix an issue with live preview checks for access control.
Version 2.0.2
July 13, 2022
Fixed
- Fix `protectedUrls` and `unprotectedUrls` URLs partial-matching incorrectly due to Regex rules.
- Better normalising of `allowIps`, `denyIps`, `protectedUrls`, and `unprotectedUrls` settings.
- Revert infinite loop check, which results in incorrect redirect URLs.
Version 2.0.1
July 12, 2022
Fixed
- Fix an error when installing the plugin.
Version 2.0.0
July 10, 2022
Added
- Add resave console command for elements.
- Add checks for registering events for performance.
- Add `archiveTableIfExists()` to install migration.
Changed
- Now requires PHP `8.0.2+`.
- Now requires Craft `4.0.0+`.
- Now requires Knock Knock `1.2.16` in order to update from Craft 3.
- Rename service classes.
- Rename base plugin methods.
- Use `Application::EVENT_INIT` to test access to ensure Craft is initialized properly.
Version 1.2.17
July 10, 2022
Added
- Allow arrays in config settings for `allowIps`, `denyIps`, `protectedUrls`, `unprotectedUrls`. (thanks @Diewy).
Fixed
- Fix a potential infinite redirect loop if changing from `http` to `https`.
Version 1.2.16
September 17, 2021
Fixed
- Fix site-based custom templates not working correctly.
Version 1.2.15
June 30, 2021
Added
- Add support for custom CP-based templates. (thanks @seibert-io).
- Add support for IPv4 and IPv6 CIDR blocks in allowIps and denyIps config. (thanks @onstuimig).
Changed
- Deny access to settings for non-admins.
Fixed
- Fix redirect URL not using the referrer URL after logging in.
Version 1.2.14
November 29, 2020
Fixed
- Fix potential error redirecting to non-site URLs after login. In some cases, this caused redirecting to a cpresources asset.
- Fix cookie not respecting the Craft `defaultCookieDomain` config setting.
Version 1.2.13
September 10, 2020
Fixed
- Fix incorrect `loginUrl` route, causing issues on some site setups (subdirectory installs).
Version 1.2.12
August 14, 2020
Added
- Allow env variables to be used in allow/deny IPs.
Fixed
- Fix login path not resolving correctly for some multi-site installs.
Version 1.2.11
August 10, 2020
Fixed
- Fix challenge URL not being correct for nested URLs.
Version 1.2.10
July 13, 2020
Added
- Add `useRemoteIp` to opt in to stricter IP checks if security is your concern.
Fixed
- Revert behaviour of using remote IP for checking user IP. Too many issues and edge-cases.
Version 1.2.9.2
June 22, 2020
Fixed
- Fix potential issue splitting multi-line settings (allowIps, denyIps, protectedUrls).
Version 1.2.9.1
June 18, 2020
Fixed
- Fix error introduced in 1.2.9.
Version 1.2.9
June 17, 2020
Deprecated
- Deprecate `whitelistIps`. Use `allowIps` instead.
- Deprecate `blacklistIps`. Use `denyIps` instead.
Version 1.2.8
May 20, 2020
Critical
Fixed
- Fix fetching the IP for a user that could allow spoofing via headers. Vulnerability `IP Whitelist bypass` reported by Paweł Hałdrzyński.
- Ensure redirect param is validated to prevent malicious redirection. For custom forms, please update the redirect input to use `{{ redirect | hash }}` otherwise logins will not work. Vulnerability `Open-redirect` reported by Paweł Hałdrzyński.
Version 1.2.7
April 21, 2020
Added
- Add `forcedRedirect` to force a redirected URL once logging in.
Version 1.2.6
April 16, 2020
Fixed
- Fix logging error `Call to undefined method setFileLogging()`.
Version 1.2.5
April 15, 2020
Changed
- File logging now checks if the overall Craft app uses file logging.
- Log files now only include `GET` and `POST` additional variables.
Version 1.2.4.2
April 1, 2020
Fixed
- Realllly fix live preview from cross-domains.
Version 1.2.4.1
March 31, 2020
Fixed
- Fix error thrown for console requests.
Version 1.2.4
March 31, 2020
Fixed
- Re-organise access testing code, and support cross-domain live preview (properly, through tokens).
Version 1.2.3
March 30, 2020
Fixed
- Exclude live preview requests from blocking access.
Version 1.2.2
March 14, 2020
Fixed
- Fix asset bundles causing style issues in the CP.
Version 1.2.1
February 25, 2020
Added
- Add support for Regex in protected URLs.
Fixed
- Fix protected URL comparison taking into account query strings, when it shouldn't.
Version 1.2.0
January 30, 2020
Added
- Add Craft 3.4 compatibility.
Version 1.1.2
January 7, 2020
Fixed
- Fix `yii\base\InvalidConfigException` error thrown in some instances.
Version 1.1.1
November 27, 2019
Added
- Added Custom login path. Thanks @X-Tender.
- Allow IPs to be whitelisted from login protection.
- Add Protected URLs to set specific URLs (and only those) for password protection.
Fixed
- Update redirect input. = Fix redirection after login.
Version 1.1.0
June 5, 2019
Added
- Add lock-out and security behaviour.
- Add multi-site settings.
- Add custom template setting.
- New icon.
- Add override notice for settings fields.
Version 1.0.3
February 9, 2019
Fixed
- Fix console requests throwing an error.
Version 1.0.2
February 2, 2019
Changed
- Downgrade requirement to Craft 3.0.x.
Fixed
- Fix settings not saving.
Version 1.0.1
January 30, 2019
Added
- Added `enabled` setting.
Version 1.0.0
January 26, 2019
- Initial release.