
Restricting access to files and directories on Nginx by IP

I'm trying to lock down access to WP-admin using IP restrictions on Nginx. The following seems to block wp-admin, but doesn't block wp-login.php.

This is a start as it will stop anyone being able to log in from any other IP, as after signing in you are redirected to wp-admin which is restricted. However, they can still get to the sign-in form and in theory could still be affected by brute force attacks.

server {
    listen       80;
    server_name  website.com www.website.com dev.website.com;

    location / {
        root       /var/www/html/website.com/;
        index      index.php index.html index.htm;
        try_files  $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        root           /var/www/html/website.com/;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
    location ~ ^/(wp-admin|wp-login/.php) {
        root   /var/www/html/website.com/;
        index  index.php index.html index.htm;
        allow  123.123.123.123/32;
        deny   all;
    }

}
LeighPudding asked Mar 21 '23 04:03


1 Answer

If you fix your context it might fix this issue. Instead of forward slash do a backslash prior to your .php.

location ~ ^/(wp-admin|wp-login\.php) {
    allow 123.123.123.123/32;
    deny all;
}
Robert Lee answered Apr 02 '23 19:04
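How nginx chooses between the three locations on this page, as an added example that is not part of the original question or answer: a small Python model of nginx's location selection (longest prefix remembered, then `~` regex locations tried in file order, first match wins). The name `pick_location` and the config labels are hypothetical, and only the location types used on this page are modelled.

```python
import re

def pick_location(uri, locations):
    """Pick a location the way nginx does for prefix and '~' regex locations.

    locations: (modifier, pattern) tuples in config-file order, modifier ""
    (prefix) or "~" (case-sensitive regex). '=' and '^~' locations are not
    modelled because the page's config does not use them.
    """
    best_prefix = None
    for mod, pat in locations:
        if mod == "" and uri.startswith(pat):
            if best_prefix is None or len(pat) > len(best_prefix):
                best_prefix = pat
    # Regex locations are tried in file order; the first match wins and
    # overrides the remembered prefix location.
    for mod, pat in locations:
        if mod == "~" and re.search(pat, uri):
            return "~ " + pat
    return best_prefix

ROOT = ("", "/")
PHP = ("~", r"\.php$")
QUESTION = ("~", r"^/(wp-admin|wp-login/.php)")  # regex as posted in the question
ANSWER = ("~", r"^/(wp-admin|wp-login\.php)")    # regex as posted in the answer

CONFIGS = {
    "question": [ROOT, PHP, QUESTION],
    "answer regex, same order": [ROOT, PHP, ANSWER],
    "answer regex, moved first": [ROOT, ANSWER, PHP],
}
# Constructed sample request paths
URIS = ["/wp-login.php", "/wp-admin/", "/wp-admin/index.php", "/index.php"]

def report():
    """Map each config label to {uri: chosen location}."""
    return {name: {u: pick_location(u, locs) for u in URIS}
            for name, locs in CONFIGS.items()}

if __name__ == "__main__":
    for name, rows in report().items():
        print(name)
        for uri, loc in rows.items():
            print(f"  {uri:22} -> location {loc}")
```

Once the restricted location is listed before `location ~ \.php$`, it also has to hand PHP to FastCGI itself (for example through a nested `location ~ \.php$` carrying the page's `fastcgi_*` directives), because those requests no longer reach the generic PHP location.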