Does anyone know if its possible to use the feature that restricts access to gatways by IP address when the computers that will be used for the gateways are inside a network with a private address space and the server hosting Webwork is outside the network using a routeable IP address?
Hans de Moor
St. Mary's College
That somewhat depends on how your private address space is set up to connect to external websites. If it is using a proxy server then you may be able to use the "X-forwarded-for" header to identify the original client IP address. You can use the mod_remoteip apache module to do this automatically. I can give you more details if there is a proxy server in place.
If you are using network address translation (NAT), then things might be a little more complicated. How granular do you need to be in your address filtering? Are we talking about several computer labs, or a whole bunch of different locations? If it's only a few locations, you could ask your IT department if they are able to assign a specific external IP address to each set of internal IP addresses. This is something we have done at University of Calgary (though not specifically for WeBWorK). Alternatively, if these are computers you control it may be possible to set up your own proxy server which can identify individual computers to the WeBWorK server.
Let me know if you want more details on any of these options.
I know it is not related. But our loncapa servers when doing a statistics mid term exam (all students get accommodated in university labs) use a slightly different approach. What they do is create a unique code for the test and also use a lock down browser on the lab computers for extra protection. The code gets announced about 5 min before the exam I think. That is another way to prevent somebody from taking part in an exam in an unauthorised way. Does something similar exist in webwork?
There are a couple of ways to protect a gateway outside of IP restrictions:
- Proctored mode, where a proctor (TA or instructor) has to authenticate before a student can start the exam, and again when they submit.
- A set-level password, where a student must type in a password in order to start the exam.
Thanks Danny and Balagopal,
We are using NAT campus wide, and so this is still an active discussion with our IT. Balagopal, your comments make me think that perhaps a more formal administrative (non-computer based) means of administering proctor passwords may ultimately be the best path for us.