Score:-1

My location restriction to admin panel is not working in Nginx


My website is at https://www.example.com and I have a CMS Panel at

https://www.example.com/administrator -> 301 ->
https://www.example.com/administrator/ -> 302
https://www.example.com/administrator/Login.aspx?Session=Out

And I am trying to restrict the access to /administrator but this is not working - Can someone please help?

location ~*/administrator {
    allow 10.0.0.0/8;
    deny all;
}

Here are the logs

192.168.5.232 - - [20/Apr/2023:09:17:57 +0530] "GET /administrator/ HTTP/2.0" 302 154 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"
192.168.5.232 - - [20/Apr/2023:09:17:57 +0530] "GET /administrator/Login.aspx?Session=Out HTTP/2.0" 200 2448 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"

Here are error logs

2023/04/20 09:15:34 [notice] 4810#4810: *467 "GET|HEAD|POST" matches "GET", client: 192.168.5.232, server: example.com, request: "GET /administrator/error HTTP/2.0", host: "www.example.com", referrer: "https://www.example.com/administrator/Login.aspx?Session=Out"
2023/04/20 09:17:57 [notice] 4962#4962: *513 "GET|HEAD|POST" matches "GET", client: 192.168.5.232, server: example.com, request: "GET /administrator/ HTTP/2.0", host: "www.example.com"
2023/04/20 09:17:57 [notice] 4962#4962: *513 "GET|HEAD|POST" matches "GET", client: 192.168.5.232, server: example.com, request: "GET /administrator/Login.aspx?Session=Out HTTP/2.0", host: "www.example.com"
Questions involving web hosting control panels are off-topic because they customize their systems so that standard system administration methods no longer apply. Some related topics may be asked on Webmasters or see Where can I ask questions about web hosting control panels?
Blason R
This is not related to a web hosting control panel but is a challenge in configuring a reverse proxy in nginx. It's an nginx issue, hence I posted here.
Score:1

You don't need regular expressions here. Just the directory should do it

location /administrator/ {
    allow 10.0.0.0/8;
    deny all;
}

And you were missing a blank after ~*, which was most probably the actual problem.

Blason R
Let me see if that works? Since I guess I already tried that but it did not work.
Blason R
Nah, it's still not working: location ^~ /(administrator|Administrator|Login\.aspx) { allow 49.36.10.215; deny all; return 403; }
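
The location-selection rules behind this thread, as an added example that is not part of the original posts: a simplified Python model of how nginx chooses a location, run on the URIs and client address from the question's access log. The `\.aspx$` regex location is a hypothetical stand-in for any regex location elsewhere in the server block (an assumption; the thread does not show the full configuration).

```python
import ipaddress
import re

def select_location(locations, uri):
    """Simplified model of nginx location selection for one server block.
    locations: list of (modifier, pattern), modifier in "", "=", "^~", "~", "~*".
    Nested and named locations are not modelled."""
    path = uri.split("?", 1)[0]              # locations match the path, not the query
    best = None
    for mod, pat in locations:
        if mod == "=" and path == pat:
            return mod, pat                  # exact match ends the search
        if mod in ("", "^~") and path.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat)            # remember the longest prefix match
    if best and best[0] == "^~":
        return best                          # ^~ : regex locations are not checked
    for mod, pat in locations:               # regex locations, in config order
        if mod in ("~", "~*") and re.search(pat, path, re.I if mod == "~*" else 0):
            return mod, pat
    return best                              # no regex matched: longest prefix

def client_allowed(client_ip, allow_cidrs):
    """allow <cidr>...; deny all;  -> allowed only if inside one of the CIDRs."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(c) for c in allow_cidrs)

# URIs and client address taken from the access log in the question.
URIS = ["/administrator/", "/administrator/Login.aspx?Session=Out"]
CLIENT = "192.168.5.232"

ASPX = ("~", r"\.aspx$")                     # hypothetical regex location (assumption)
PLAIN = [("", "/"), ("", "/administrator/"), ASPX]
NOREGEX = [("", "/"), ("^~", "/administrator/"), ASPX]
# Location from the last comment: after ^~ the pattern is a literal prefix string.
LITERAL = [("", "/"), ("^~", r"/(administrator|Administrator|Login\.aspx)")]

def report():
    """Pattern of the location selected for each logged URI, per configuration."""
    configs = (("plain", PLAIN), ("noregex", NOREGEX), ("literal", LITERAL))
    return {name: [select_location(locs, u)[1] for u in URIS]
            for name, locs in configs}

if __name__ == "__main__":
    for name, chosen in report().items():
        print(name, chosen)
    print("client allowed by 10.0.0.0/8:", client_allowed(CLIENT, ["10.0.0.0/8"]))
```

The logged client 192.168.5.232 is outside 10.0.0.0/8, so a 200 for Login.aspx means the restricted location was not the one that handled the request. In the commented variant, `return 403;` belongs to the rewrite module and runs before `allow`/`deny` are evaluated, so it would answer 403 to every client whenever that location is selected.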