Hot to limit Public Access to a list of ip-adresses #5128

New Issue

OVERLORD · 2026-02-05T09:42:02+03:00

OVERLORD commented

2026-02-05 09:42:02 +03:00

Originally created by @Skittel on GitHub (Jan 18, 2025).

Attempted Debugging

I have read the debugging page

Searched GitHub Issues

I have searched GitHub for the issue.

Describe the Scenario

Hello,
I would like to create a wiki for a customer.
There request is the open the wiki inside the company without login to see all informations (Public Access).
From the outside (road warrior) only with login.

Is there a known way to limit public access to a list of ip-adresses?
Or is there a way to autologin from these ips?

Thanks

Stefan

Exact BookStack Version

v24.12.1

Log Content

No response

Hosting Environment

PHP 8.4 on Ubuntu 24

Originally created by @Skittel on GitHub (Jan 18, 2025). ### Attempted Debugging - [x] I have read the debugging page ### Searched GitHub Issues - [x] I have searched GitHub for the issue. ### Describe the Scenario Hello, I would like to create a wiki for a customer. There request is the open the wiki inside the company without login to see all informations (Public Access). From the outside (road warrior) only with login. Is there a known way to limit public access to a list of ip-adresses? Or is there a way to autologin from these ips? Thanks Stefan ### Exact BookStack Version v24.12.1 ### Log Content _No response_ ### Hosting Environment PHP 8.4 on Ubuntu 24

OVERLORD added the 🐕 Support label 2026-02-05 09:42:02 +03:00

OVERLORD closed this issue

2026-02-05 09:42:04 +03:00

OVERLORD commented

2026-02-05 09:42:07 +03:00

@ssddanbrown commented on GitHub (Jan 18, 2025):

There request is the open the wiki inside the company without login to see all informations (Public Access).

Generally that may be better achieved by hosting the wiki inside their firewall (within their own private company network) so it can be under their own managed network controls.

Is there a known way to limit public access to a list of ip-adresses?

BookStack does not specifically provide that, but you could instead set IP-based access restrictions at the web-server or host firewall level to completely prevent access outside those IPs.

Or is there a way to autologin from these ips?

Not built-in at all. You could maybe hack something in using our logical theme system if confident with PHP, but it's not something I can officially advice since it will require maintainence and could be easy to get wrong.

Generally, if the company uses a central login/authentication system, then connecting that to BookStack (via SAML2/OIDC if possible) so employees can use single-sign-on options is the general best approach to low-friction company access, since that will result in actual unique logged in users.

@ssddanbrown commented on GitHub (Jan 18, 2025): > There request is the open the wiki inside the company without login to see all informations (Public Access). Generally that may be better achieved by hosting the wiki inside their firewall (within their own private company network) so it can be under their own managed network controls. > Is there a known way to limit public access to a list of ip-adresses? BookStack does not specifically provide that, but you could instead set IP-based access restrictions at the web-server or host firewall level to completely prevent access outside those IPs. > Or is there a way to autologin from these ips? Not built-in at all. You could maybe hack something in using our logical theme system if confident with PHP, but it's not something I can officially advice since it will require maintainence and could be easy to get wrong. Generally, if the company uses a central login/authentication system, then connecting that to BookStack (via SAML2/OIDC if possible) so employees can use single-sign-on options is the general best approach to low-friction company access, since that will result in actual unique logged in users.

OVERLORD commented

2026-02-05 09:42:09 +03:00

@ssddanbrown commented on GitHub (Feb 25, 2025):

Since there's been no further follow-up here I'll go ahead and close this off.

@ssddanbrown commented on GitHub (Feb 25, 2025): Since there's been no further follow-up here I'll go ahead and close this off.

OVERLORD commented

2026-02-05 09:42:12 +03:00

@Skittel commented on GitHub (Feb 25, 2025):

Hello ssddanbrown,
sorry, I missed your answer.

I solved this by putting a pre-login-page in front.
If the user has a list of specific ips or know a general password the site is shown.
Sensitive infos are only shown to logged in users.

Works for my customer.

Stefan

@Skittel commented on GitHub (Feb 25, 2025): Hello ssddanbrown, sorry, I missed your answer. I solved this by putting a pre-login-page in front. If the user has a list of specific ips or know a general password the site is shown. Sensitive infos are only shown to logged in users. Works for my customer. Stefan

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#5128