Showing results for 
Search instead for 
Did you mean: 
Learner II

How can I display an alert if student is on certain IP address?

Jump to solution

My campus has a guest network that students are not supposed to use. Unfortunately, about 10-20% of our students use guest. This has not been a problem until recently when students have used LockDown Browser to take Canvas quizzes. The high latency causes the application to fail. 

In considering solutions, we had an idea that would be very tidy. Using custom code in our sub-account course theme, it should be possible to grab the user's IP address and insert an element on the page that warns them about using the guest network. We could then monitor last-login IP addresses until we are confident that students have configured the secure enterprise network. Then we can disable the function in the template.

I think the solution is going to use our sub-account custom course theme JS. All solutions I've explored so far have used a third-party tool to retrieve the IP address, which would probably fail due to cross-site scripting controls. However, since IP filtering is an option in Quizzes, my hope is that I could read the IP address easily from the session cookies or some other object. However, I can't seem to locate the IP if it indeed stored in an accessible location.

Can my Canvas template get the user's IP address without causing cross-site scripting errors?

Updated: Clarification and Precision.

13 Replies

I think that's a great suggestion. Unfortunately, that would affect everyone on our campus, of which our school is only a small percentage. Controls within the Canvas sub-account offers a more focused approach for our student population.


This is most likely the actual API call from your script be adding to the user's page view records.

This will probably need a little more research, but I think a way to verify if the page view is an API or not is to check if the 'user_agent' is NULL or the 'action' or 'URL' contains API in the string.

For example:

function getIpAddress () {
   $.getJSON( "/api/v1/users/self/page_views", function( data ){

         foreach(i = 0; i < data.length; i++){

            if(data[i].user_agent != NULL){
               var myIpAddress = data[i].remote_ip.toString();
               $.cookie("my_ip_address", myIpAddress, {path: '/'});




Great suggestion! This may come in handy.

However, I realized that I the root of the problem is that I delayed the request by placing it beneath some other code that only ran if a user stayed on the page for longer than 4 seconds. Therefore, the cookie was set at an inappropriate time.

If this becomes a permanent feature of our sub-account, I think I would want to build in some validation like in your example. 

Since this is a temporary stop-gap, and I'm more concerned about false positives than false negatives.

My problem is solved! Thanks, Alex! You rock!!

Community Member

Our solution is to block Canvas on the Guest network at the firewall.  Simple and effective at keeping the students off Guest, and it doesn't affect non-Canvas users on Guest.