Note: The recipes here are for PmWiki versions 0.6 and 1.0 only. For PmWiki 2.0 recipes, see Cookbook.


I wanted a way to disallow only edits (not reads) from certain IPs. So, here's the solution.


Download Attach:blockedit.php and put it in your local/ directory. Then put the following in your local/config.php:

 $DenyEditFrom = array("10\..*", "192\.168\.0\.1");

Modify to your tastes. $DenyEditFrom should be an array of valid Perl regular expressions that will match against $_SERVER['REMOTE_ADDR']. The above example prevents any edits from computers in the subnet, as well as the single address You can also (or in place of $DenyEditFrom) define an $AllowEditFrom array, following the same format as $DenyEditFrom, but which will allow edits from the given IPs instead of deny them. Matches in $AllowEditFrom take precedence over $DenyEditFrom.

See Also



Comments & Bugs

It will conflict with sessionauth, because they both modify the setting of $AuthFunction. Cookbook.Blocklist could be a replacement.



Public domain. Feel free to do whatever you want with it, but I'm not responsible for anything that happens :)


An anonymous contributor notes that the script does not check for uploads and does not check by hostname, e.g. "*". Here is a simple update:

 function ImprovedBasicAuth($pagename,$level,$authprompt=true) { 
  global $AllowEditFrom,$DenyEditFrom; 
  if ($level == "edit" || $level == "post" || $level == "upload" || 
      $level == "postupload" ) { 
      foreach ($AllowEditFrom as $re) 
        if( preg_match("/^$re$/i", $_SERVER['REMOTE_ADDR']) ) 
          return BasicAuth($pagename,$level,$authprompt); 

      foreach ($DenyEditFrom as $re) 
        if( preg_match("/^$re$/i", $_SERVER['REMOTE_ADDR']) || 
            preg_match("/^$re$/i", $_SERVER['REMOTE_HOST']) ) 
          return false; 

  return BasicAuth($pagename,$level,$authprompt); 

pmwiki-2.2.138 -- Last modified by {{}}?

from IP: ip should be disabled by default for security reasons