How to IP-limit admin-area access

Owned by HostBill
Last updated: Jun 28, 2018 by HostBill
2 min read

You can set IP addresses allowed to Login to your admin portal in Settings → Security Settings → Admin Area Allowed IPs.

If you'd like to go further, and block unwanted IP addresses on web-server level, you can do so by updating nginx config files.


How to IP-limit admin-area access on nginx

1. SSH to your HostBill Enterprise server as root:

# ssh root@yourhostbilladdress

2. Create file  /etc/nginx/hostbill_phpfpm, add the following content to it:

		location       ~ \..*/.*\.php$ {return 403;}
        include        /etc/nginx/fastcgi_params;

        #When https is enabled, make sure to uncomment line below
        #fastcgi_param		    HTTPS 'on';

        fastcgi_pass   127.0.0.1:9000;
	
        fastcgi_index  				index.php;
        fastcgi_param               SCRIPT_FILENAME $request_filename;
        fastcgi_hide_header         "X-Powered-By";
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;

3. Edit file:

/etc/nginx/locations/hostbill.conf

  • Replace its contents with following:

            
location @seohburl {
    rewrite ^/(.+)$ /index.php?/$1 last;
}


location ^~ /admin {
    allow 1.2.3.4;
    allow 192.168.0.0/24;
    deny all;

    alias    /home/hostbill/public_html/admin/;
    index   index.php;

    location ~ \.php$ {
        include    /etc/nginx/hostbill_phpfpm;
    }

}

location ^~ / {
    alias    /home/hostbill/public_html/;
    index   index.php;

    try_files $uri $uri/ @seohburl;


    location ~ \.php$ {
        include    /etc/nginx/hostbill_phpfpm;
    }
}
  • Make sure to change /admin to other folder name, if you have changed your admin folder 
  • Add each allowed IP / CIDR subnet in new "allow X.X.X.X" block
  • Save changes

3. Reload webserver's config

systemctl reload nginx