Hailwood

Reputation: 92581

How to block access to a set of URL patterns by IP?

I've been trying to block access to /admin and /admin/{anything} (with /admin not being a physical subdirectory in SilverStripe) except for a limited set of IP addresses, and have come up with the following .htaccess file section, which for the most part works.

<IfModule mod_rewrite.c>
  SetEnv HTTP_MOD_REWRITE On
  RewriteEngine On
  RewriteBase '/'

  RewriteCond %{REQUEST_URI} ^(.*)?(admin/(.*)|admin)$
  RewriteCond %{REMOTE_ADDR} !^(127\.0\.0\.1|216\.58\.208\.36)$
  RewriteRule ^(.*)$ - [R=403,L]

</IfModule>

However, it was pointed out to me that this doesn't block the non-rewritten access: framework/main.php?url=admin and framework/main.php?url=admin/{anything}.

On top of this, SilverStripe can also be served through Nginx, which doesn't support .htaccess.

How can I update this .htaccess section to block the non-rewritten version as well, and also how would I do the same thing in nginx?

Upvotes: 2

Views: 523

Answers (1)

muskie9

Reputation: 476

Hailwood, there are a couple of modules that touch on this. Might be a good starting point:

https://github.com/silverstripe-labs/silverstripe-securityextras

https://github.com/prij/silverstripe-iprestrictedpage

Upvotes: 2
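An added example, not part of the question or the answer and not taken from either module: one way to extend the question's .htaccess rule so that it also covers the non-rewritten framework/main.php?url=admin form. It assumes the site sits at the web root (as the question's RewriteBase suggests), that clients connect directly rather than through a proxy, and it reuses the two allowed addresses from the question.

```apache
<IfModule mod_rewrite.c>
  RewriteEngine On

  # Condition 1: the client is NOT one of the allowed addresses
  # (the same two addresses as in the question's rule).
  RewriteCond %{REMOTE_ADDR} !^(127\.0\.0\.1|216\.58\.208\.36)$

  # Condition 2a: rewritten form, /admin or /admin/{anything}.
  # Anchored at the start so paths that merely end in "admin" are not caught.
  RewriteCond %{REQUEST_URI} ^/admin(/|$) [NC,OR]

  # Condition 2b: non-rewritten form, ?url=admin or ?url=admin/{anything},
  # wherever the url parameter appears in the query string.
  RewriteCond %{QUERY_STRING} (^|&)url=/?admin(/|&|$) [NC]

  # mod_rewrite evaluates the chain as: 1 AND (2a OR 2b).
  # [F] answers 403 Forbidden and stops rule processing.
  RewriteRule ^ - [F]
</IfModule>
```

%{QUERY_STRING} is matched as sent, without URL-decoding, so treat this as a coarse outer filter and keep SilverStripe's own login and permission checks in place.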
