Pandora Login Guard
by Pandoratech https://www.pandoratech.ae , Shawal Ahmad Mohmand https://www.pandoratech.ae
$ 19.00
| Availability | Odoo Online, Odoo.sh, On Premise |
| Lines of code | 397 |
| Technical Name | pandora_login_guard |
| License | OPL-1 |
| Website | https://www.pandoratech.ae |
| Versions | 13.0 14.0 15.0 16.0 17.0 18.0 19.0 |
Pandora Login Guard
Secure your Odoo Instance with precise IP and Time limitations.
This module drastically reduces the risk of unauthorized access by restricting when and where your users can log in. Built for enterprise and multi-site deployments, you can enforce centralized IP network boundaries and allowed shift schedules, complete with comprehensive reverse proxy support.
Core Features
- IP Restrictions: Restrict users using single IPs, CIDR blocks, or IP ranges.
- Time Windows: Allow login only between specific times (e.g. 08:00 to 17:00), or before/after a specific hour.
- Timezone Aware: Configuration supports native user timezones.
- Per-User Toggles: Enable or disable restrictions exclusively for the users that need them. Admin users can bypass rules if properly configured.
- Detailed Audit Logs: Access a full history (`pandora.login.guard.log`) of every allowed and denied login attempt, recording the exact reason and request IP.
- Clean Error Handling: Intercepts unauthorized attempts and presents a secure, clean warning to the user.
- Full Reverse Proxy Support: Fully supports trusted reading of `X-Forwarded-For` and `X-Real-IP` when deployed behind Docker, NGINX, Traefik, or Apache.
Detailed Configuration & Reverse Proxy Setup
Reverse Proxy Guidance (Trust Reverse Proxy Headers)
When Odoo is hosted behind a reverse proxy (such as NGINX, Apache, HAProxy, or Traefik) or deployed in a containerized environment (like Docker), the Odoo server does not directly receive the public IP address of the user. Instead, it receives the internal IP address of the proxy (e.g., 192.168.x.x or 172.x.x.x).
To enforce IP restrictions correctly, you must configure Odoo to read the user's real public IP from the HTTP headers injected by your proxy.
Step 1: Configure Your Reverse Proxy
Your reverse proxy must be explicitly configured to forward the client's public IP address to Odoo. This is typically done using the X-Forwarded-For or X-Real-IP headers.
Step 2: odoo.conf
Odoo must be granted permission to run in proxy mode. Open your odoo.conf file and ensure the following parameter is set under the [options] section:
proxy_mode = True
Step 3: Enable Trust Reverse Proxy Headers in Login Guard
1. Log in to Odoo as an Administrator.
2. Go to Settings > General Settings.
3. Scroll down to the Login Guard section.
4. Locate the Proxy block and check the Trust Reverse Proxy Headers box.
5. In the Proxy Header Names field that appears, input the headers your proxy uses, separated by commas (default is X-Forwarded-For,X-Real-IP).
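The following is an added example, not the module's own code: a sketch of how forwarded headers can be evaluated so that an IP allowlist holds up behind a proxy. Headers are honoured only when the direct peer is a known proxy, and X-Forwarded-For is read from the right so that entries a client prepended are ignored. The proxy network, the allowlist entries and the function names are constructed assumptions.

```python
import ipaddress

# Constructed values for illustration (documentation address ranges).
TRUSTED_PROXIES = [ipaddress.ip_network("172.18.0.0/16")]  # assumed proxy/Docker network
ALLOWED = ["203.0.113.0/24", "198.51.100.10", "192.0.2.20-192.0.2.30"]


def _is_trusted_proxy(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def resolve_client_ip(peer_ip, headers):
    """Return the address to evaluate, or None when it cannot be determined."""
    peer = ipaddress.ip_address(peer_ip)
    if not _is_trusted_proxy(peer):
        return peer  # direct connection: forwarded headers are client-controlled
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    # Walk right to left: the rightmost entries were appended by our own proxies.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed entry: fail closed
        if not _is_trusted_proxy(addr):
            return addr
    try:
        return ipaddress.ip_address(headers.get("X-Real-IP", "").strip())
    except ValueError:
        return None  # no usable header: fail closed


def ip_allowed(addr, rules=ALLOWED):
    """Match a resolved address against single IPs, CIDR blocks and a-b ranges."""
    if addr is None:
        return False
    for rule in rules:
        if "-" in rule:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in rule.split("-", 1))
            if lo.version == addr.version and lo <= addr <= hi:
                return True
        elif addr in ipaddress.ip_network(rule, strict=False):
            return True
    return False
```

If the proxy replaces rather than appends to X-Forwarded-For, the header carries a single entry and the same logic applies.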
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.