
Restricting access to the administrative section of the site by IP in nginx

Date of publication: 22.03.2024

Depending on the content management system (CMS) in use, we recommend restricting access to the administrative section of the site at the web server level.

Using Laravel as an example, where the administrative section exists separately from the site itself, the following nginx configuration works well:

...

location /myadmin {
    try_files $uri $uri/ /index.php?$query_string;
    # Only these addresses may reach the administrative section
    allow 77.xx.80.xxx;
    allow 89.xxx.71.xx;
    # Everyone else is refused
    deny all;
}
    
...

Where:

/myadmin is the location of the folder with the administrative section (like https://domain.tld/myadmin)

In our example, we listed the IP addresses from which this path will be accessible; from those addresses you can then go on to log in with your login and password. For IP addresses that are not in the list, the following message will be displayed: Forbidden.

This rule significantly increases the security of your site. Keep in mind that each CMS must be checked separately, since for some of them restricting the administrative section in this way may disrupt the operation of the entire site.

To apply the settings, check the configuration as a whole and do not forget to restart the service.
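nginx checks the allow and deny lines in order and stops at the first match, which is why `deny all` comes last. The Python code below is an added example, not part of the original article: it applies that rule order to a constructed copy of the block, with RFC 5737 documentation addresses in place of the masked ones; `parse_rules`, `decide` and `audit` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample: the article's block with RFC 5737 documentation
# addresses standing in for the masked ones (assumption, not real hosts).
SAMPLE_CONF = """
location /myadmin {
    try_files $uri $uri/ /index.php?$query_string;
    allow 203.0.113.10;
    allow 198.51.100.0/24;
    deny all;
}
"""

# Lines starting with '#' do not match, so commented-out rules are ignored.
RULE_RE = re.compile(r"^[ \t]*(allow|deny)[ \t]+([^;\s]+)[ \t]*;", re.MULTILINE)

def parse_rules(conf_text):
    """Return allow/deny directives as (action, network) in file order; 'all' -> None."""
    rules = []
    for action, target in RULE_RE.findall(conf_text):
        net = None if target == "all" else ipaddress.ip_network(target, strict=False)
        rules.append((action, net))
    return rules

def decide(rules, client_ip):
    """nginx stops at the first matching rule; if nothing matches, access is allowed."""
    ip = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if net is None or ip in net:
            return action
    return "allow"

def audit(rules):
    """Report rule orderings that defeat the intent of an allow-list."""
    findings = []
    catch_all = next((i for i, (_, net) in enumerate(rules) if net is None), None)
    if catch_all is None or rules[catch_all][0] == "allow":
        findings.append("unlisted addresses are allowed: no effective 'deny all'")
    if catch_all is not None and catch_all < len(rules) - 1:
        findings.append("rules after the first 'all' rule are never reached")
    return findings

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_CONF)
    for addr in ("203.0.113.10", "198.51.100.77", "192.0.2.5"):
        print(addr, decide(rules, addr))
    print(audit(rules) or "rule order looks correct")
```

nginx matches these rules against the address of the connecting client, so behind a reverse proxy or CDN the listed addresses must be the ones nginx actually sees.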

nginx -t
service nginx restart

To always log in from the same static IP address, use a VPS server, for example with the squid service configured.




