Redirect loop when using Yii ip access rule

GoofyX · December 2, 2014, 10:03am

Using Yii 1.1.15. I want to restrict the login and logout actions by ip rule. I have this inside the controller:




public function accessRules()

{

	return [

    	[

        	'allow',

        	'actions' => ['index', 'error'],

        	'users' => ['*'],

    	],

    	[

        	'allow',

        	'actions' => ['login'],

        	'users' => ['*'],

        	'ips' => ['xx.yy.zz.qq'],

    	],

    	[

        	'allow',

        	'actions' => ['logout'],

        	'users' => ['@'],

        	'ips' => ['xx.yy.zz.qq'],

    	],

    	[

        	'deny', // deny all users

        	'users' => ['*'],

    	],

	];

}

But when I call the login action in the browser, the browser enters a redirect loop. If I comment out the ips rule, it works. What is wrong with the above code?

GoofyX · December 3, 2014, 6:43pm

Any hints on this one…?

samdark · December 7, 2014, 9:03am

It’s the same situation I’ve fixed in Yii 2.0 recently. Login is allowed only for a certain IP and when it’s not allowed it redirects… to login. Which is not allowed.

GoofyX · December 7, 2014, 10:23am

Good, so this was a bug. Could you backport the patch to version 1.1?

GoofyX · December 7, 2014, 4:58pm

I’ve create a pull request for the 1.1 branch. Please check it. Thank you.