To increase the security level in the TGPX control panel, it has an access list feature. This feature allows you to specify a list of "safe" IP addresses or hostnames which will be allowed to access all functions of the control panel. Anyone who connects to your control panel from an IP address or hostname other than those in the list will not be able to access those functions. By default the access list feature is disabled, but it is highly recommended that all users utilize this feature for increased security.
Enabling the Access List Feature
To enable this feature you will need to edit the access-list.php file that is included with the software. Each IP address or hostname that is listed in this file will be able to access all functions of the software control panel (assuming the administrator account privileges are set accordingly). You should keep this list as small as possible so that only the absolutely necessary IP addresses and hostnames are listed.
Open the access-list.php script in a plain text file editor. When you open that file it will look something like this:
Setting the permissions to 444 on this file will enhance the security of this feature, however if you need to make changes to the access list you will need to temporarily change the permissions to 644. Once you have made the necessary changes, be sure to change the permissions back to 444.
It is possible to use the * character within your IP address and hostname list to indicate a wildcard character. As you may have noticed, the example above includes a wildcard in the third IP address in the list and the hostname. That * character means any value can appear in that position, which would give access to anyone coming from an IP address in the 18.104.22.168 through 22.214.171.124 range. You can use multiple wildcards, but this is not recommended since it will open up a large range of IP addresses.
Ignoring the Warning Message
If you don't want to use the access list feature and want to get rid of the warning message that one is not configured, simply uncomment the $allowed_ips setting in the access-list.php file and do not add any IP addresses to the list. The updated access-list.php file would look like this: