How to IP-limit admin-area access

You can set IP addresses allowed to Login to your admin portal in Settings → Security Settings → Admin Area Allowed IPs.

If you'd like to go further, and block unwanted IP addresses on web-server level, you can do so by updating nginx config files.

How to IP-limit admin-area access on nginx

1. SSH to your HostBill Enterprise server as root:

# ssh root@yourhostbilladdress

2. Create file  /etc/nginx/hostbill_phpfpm, add the following content to it:

		location       ~ \..*/.*\.php$ {return 403;}
        include        /etc/nginx/fastcgi_params;

        #When https is enabled, make sure to uncomment line below
        #fastcgi_param		    HTTPS 'on';

        fastcgi_pass   127.0.0.1:9000;
	
        fastcgi_index  				index.php;
        fastcgi_param               SCRIPT_FILENAME $request_filename;
        fastcgi_hide_header         "X-Powered-By";
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;

3. Edit file:

/etc/nginx/locations/hostbill.conf

• Replace its contents with following:
  
  

          
  location @seohburl {
      rewrite ^/(.+)$ /index.php?/$1 last;
  }
  
  
  location ^~ /admin {
      allow 1.2.3.4;
      allow 192.168.0.0/24;
      deny all;
  
      alias    /home/hostbill/public_html/admin/;
      index   index.php;
  
      location ~ \.php$ {
          include    /etc/nginx/hostbill_phpfpm;
      }
  
  }
  
  location ^~ / {
      alias    /home/hostbill/public_html/;
      index   index.php;
  
      try_files $uri $uri/ @seohburl;
  
  
      location ~ \.php$ {
          include    /etc/nginx/hostbill_phpfpm;
      }
  }

• Make sure to change /admin to other folder name, if you have changed your admin folder 
• Add each allowed IP / CIDR subnet in new "allow X.X.X.X" block
• Save changes

3. Reload webserver's config

systemctl reload nginx