I'm trying to lock down access to WP-admin using IP restrictions on Nginx. The following seems to block wp-admin, but doesn't block wp-login.php
This is a start, as it will stop anyone being able to log in from any other IP, because after signing in you are redirected to wp-admin, which is restricted. However, they can still get to the sign-in form and in theory could still be affected by brute-force attacks.
server {
    listen 80;
    server_name website.com www.website.com dev.website.com;
    location / {
        root /var/www/html/website.com/;
        index index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        root /var/www/html/website.com/;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    location ~ ^/(wp-admin|wp-login/.php) {
        root /var/www/html/website.com/;
        index index.php index.html index.htm;
        allow 123.123.123.123/32;
        deny all;
    }
}
If you fix your context, it might fix this issue. Instead of a forward slash, put a backslash before your .php:
location ~ ^/(wp-admin|wp-login\.php) {
    allow 123.123.123.123/32;
    deny all;
}
Not a perfect solution, but I'm now using this:
server {
    listen 80;
    server_name website.com www.website.com dev.website.com;
    root /var/www/html/website.com/;
    error_page 403 404 500 502 503 504 = /server_error.php;
    index index.php index.html index.htm;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location = /wp-login.php {
        allow 123.123.123.123/32;
        deny all;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
which will keep everyone out, but doesn't mask the fact that wp-admin exists. If someone were to navigate to wp-admin, they're redirected to wp-login.php which is restricted.
Tidied up a bit too.
I know this is a little old, but your answer helped me and I have improved upon it. So, for anyone else seeing this issue, which I imagine is actually quite common: for me Nginx was only blocking CSS files.
I believe the issue is caused by Nginx first seeing it's a PHP file and therefore dealing with it inside location ~ \.php$ {} before it gets to location ~ ^/(wp-admin|wp-login\.php) {}.
So I did this. Firstly, above location ~ \.php$ {} add:
location = /wp-login.php {
    allow 12.345.6.7; #example IP address
    deny all;
    # without fastcgi_pass the allowed IP is served the raw .php file instead of the login page
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}
This will block access to wp-login.php, which is great, but like you said it doesn't block wp-admin, so just follow up by adding the other block below location ~ \.php$ {}:
location ~ ^/(wp-admin|wp-login\.php) {
    allow 12.345.6.7; #example IP address
    deny all;
}
Now, if you're not coming from IP 12.345.6.7, then you can't get access to either wp-admin or wp-login.php.
Now (2018) WordPress automatically redirects wp-admin to wp-login.
So it's sufficient to only disallow /wp-login.php with:
location = /wp-login.php {
    allow 16.16.12.11;
    deny all;
    fastcgi_pass 127.0.0.1:9000; # still needed here, or the allowed IP is sent the raw .php file
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}
Just put it after the default location ~ \.php$ block.
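Everything in the thread above comes down to which location block nginx picks, and that is decided by nginx's selection rules rather than by a "php first" check: a = exact match wins wherever it sits in the file, a ^~ prefix stops the regex search, and regex locations are tried in file order, which is why the location ~ \.php$ block swallows /wp-login.php and every /wp-admin/*.php request while /wp-admin/css/* falls through to the restricted regex (the "only blocking CSS files" symptom). The Python below is an added example, not code from the thread: a small model of that selection order plus allow/deny inheritance, run over the thread's first config and over a hardened layout. The admin address 203.0.113.10 and the outside address 198.51.100.7 used in the checks are constructed documentation IPs, the embedded configs are trimmed to the directives the model reads (real blocks keep the fastcgi_param/include lines shown in the thread), and try_files/index are not modelled, so pass the final URI.

```python
"""Predict which nginx location handles a URI and whether a client IP passes its
allow/deny list. Added example, not code from the thread; it parses only the
directives used below and ignores try_files/index, so pass the final URI."""
import ipaddress
import re
from dataclasses import dataclass, field
LOCATION_RE = re.compile(r"^location\s+(?:(=|\^~|~\*|~)\s+)?(\S+)\s*\{$")
ACL_RE = re.compile(r"^(allow|deny)\s+(\S+);$")

@dataclass(eq=False)
class Location:
    modifier: str                                  # '', '=', '^~', '~' or '~*'
    pattern: str
    acl: list = field(default_factory=list)        # (allow|deny, cidr) in file order
    has_fastcgi: bool = False                      # a fastcgi_pass lives in this block
    children: list = field(default_factory=list)   # nested location blocks
    parent: "Location" = field(default=None, repr=False)
    def __str__(self):
        return (f"{self.parent} > " if self.parent else "") + f"{self.modifier} {self.pattern}".strip()

def parse(config):
    """Top-level Locations; nested ones hang off their parent."""
    top, stack = [], []          # stack entries: Location, or None for server{} etc.
    for line in (raw.strip() for raw in config.splitlines()):
        m = LOCATION_RE.match(line)
        if m:
            parent = next((s for s in reversed(stack) if s is not None), None)
            loc = Location(m.group(1) or "", m.group(2), parent=parent)
            (parent.children if parent else top).append(loc)
            stack.append(loc)
        elif line.endswith("{"):
            stack.append(None)
        elif line.startswith("}"):
            stack.pop()
        elif stack and stack[-1] is not None:
            if (a := ACL_RE.match(line)):
                stack[-1].acl.append(a.groups())
            stack[-1].has_fastcgi |= line.startswith("fastcgi_pass ")
    return top

def select(locations, uri):
    """nginx order: '=' exact; else longest prefix ('^~' ends the search); else the
    first regex IN FILE ORDER; else that prefix. Then repeated inside the winner."""
    exact = [x for x in locations if x.modifier == "=" and x.pattern == uri]
    prefixes = [x for x in locations if x.modifier in ("", "^~") and uri.startswith(x.pattern)]
    best = max(prefixes, key=lambda x: len(x.pattern), default=None)
    if exact:
        chosen = exact[0]
    elif best is not None and best.modifier == "^~":
        chosen = best
    else:
        chosen = next((x for x in locations if x.modifier in ("~", "~*")
                       and re.search(x.pattern, uri, re.I if x.modifier == "~*" else 0)), best)
    return (select(chosen.children, uri) if chosen and chosen.children else None) or chosen

def permitted(loc, client_ip):
    """allow/deny inherit from the enclosing block unless redefined; first match wins."""
    while loc is not None and not loc.acl:
        loc = loc.parent
    ip = ipaddress.ip_address(client_ip)
    for verb, cidr in (loc.acl if loc else []):
        if cidr == "all" or ip in ipaddress.ip_network(cidr, strict=False):
            return verb == "allow"
    return True

def decide(config, uri, client_ip):
    """(handling location, client allowed?, PHP executed?) for one request."""
    loc = select(parse(config), uri)
    ok = permitted(loc, client_ip)
    return str(loc) if loc else None, ok, ok and bool(loc and loc.has_fastcgi)

# The thread's first attempt (fastcgi_param/include trimmed, 'wp-login/.php' typo kept as posted).
ORIGINAL = r"""
location ~ \.php$ {
    fastcgi_pass 127.0.0.1:9000;
}
location ~ ^/(wp-admin|wp-login/.php) {
    allow 123.123.123.123/32;
    deny all;
}
"""
# Hardened layout; 203.0.113.10 is an assumed admin address. '=' beats any regex wherever
# it sits (and needs its own fastcgi_pass); '^~' stops the regex search, so the nested PHP
# handler inherits the deny list instead of falling into the open PHP block below.
HARDENED = r"""
location = /wp-login.php {
    allow 203.0.113.10;
    deny all;
    fastcgi_pass 127.0.0.1:9000;
}
location ^~ /wp-admin/ {
    allow 203.0.113.10;
    deny all;
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
    }
}
location ~ \.php$ {
    fastcgi_pass 127.0.0.1:9000;
}
"""
```

Call decide(config, uri, client_ip); it returns the handling location (nested ones shown as parent > child), whether the client passes the allow/deny list, and whether PHP would actually run. Three checks worth keeping in mind when applying this: a location = /wp-login.php block that carries only allow and deny and no fastcgi_pass hands the permitted address the .php file as static content instead of running it; if the site uses front-end features that call /wp-admin/admin-ajax.php, an exact-match location for that one file (which beats the ^~ prefix) is the way to reopen just that endpoint; and allow/deny compare $remote_addr, so behind a proxy or CDN every client looks like the proxy until the real address is restored (ngx_http_realip_module), which makes a correct list appear to deny everyone.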
Related
I have a website running in production and I need to disable the route phpmyadmin and allow a list of IPs only.
Issue: The following is denying all the IPs including the ones which are allowed.
file: /etc/nginx/sites-available/default
location /phpmyadmin {
    allow X.X.X.X;
    allow Y.Y.Y.Y;
    allow Z.Z.Z.Z;
    deny all;
    root /usr/share/;
    index index.php index.html index.htm;
    location ~ ^/phpmyadmin/(.+\.php)$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
    location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
        root /usr/share/;
    }
}
I need to fix this to allow 3-4 IPs only on this route. Please help. I am not sure what I am doing wrong here.
I have a server with multiple sites running on nginx. I'm trying to add another one, and somehow I keep getting redirected to the wrong path.
What I usually do is copy from a working one and change the domain and paths, then create the symlink. I've also checked that they both have the same permissions, so I'm not seeing any mistake on my part. All paths work and of course I've restarted nginx. I also restarted the whole server out of desperation.
The failing one
server {
    listen 80;
    root /data/alvarezarango.com/www;
    index index.php index.html index.htm;
    server_name alvarezarango.com www.alvarezarango.com;
    error_log /data/alvarezarango.com/logs/error.log error;
    access_log /data/alvarezarango.com/logs/access.log;
    # the dot before php is escaped so the regex matches a literal ".php"
    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}
the working one:
server {
    listen 80;
    root /data/spiraxtime.com/www;
    index index.php index.html index.htm;
    server_name spiraxtime.com www.spiraxtime.com;
    error_log /data/spiraxtime.com/logs/error.log error;
    access_log /data/spiraxtime.com/logs/access.log;
    # the dot before php is escaped so the regex matches a literal ".php"
    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}
I get redirected to my main domain, but I can't see why. Is there anything I can check to understand the redirects?
I am developing web app in Laravel 5.2. I have existing WordPress site. So, I want to integrate Laravel with WordPress. WordPress app has static pages. I have two separate directories for Laravel and WordPress in my root directory.
laraApp
wpApp
I want to make wpApp as default app. So when user clicks login button, user will be redirected to laraApp. I want wpApp at www.example.com and laraApp in www.example.com/laraApp. I have nginx web server running. So what should be my nginx config file?
Current nginx config file is :
server {
    listen 80;
    root /var/www/root/wpApp;
    index index.php index.html index.htm;
    server_name www.example.com;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    # rewrite rules for laravel routes
    location /laraApp {
        rewrite ^/laraApp/(.*)$ /laraApp/public/index.php?$1 last;
    }
    location ~ \.php$ {
        try_files $uri /index.php =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
Here my Laravel app is accessible using url www.example.com/laraApp/public/
I want to access it using www.example.com/laraApp.
Thanks.
The configuration would be simpler if the base URI for each of the applications did not overlap. But given the constraints of your question, you must use two distinct document roots for the PHP section of each of the applications in your configuration.
As you have placed one of your applications in /, the other application is kept separate by the use of nested location blocks. Notice the use of the ^~ modifier to prevent the first PHP block from processing Laravel requests.
index index.php index.html index.htm;
root /var/www/root/wpApp;
location / {
    try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
    try_files $uri /index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ^~ /laraApp {
    rewrite ^/laraApp(.*)$ /laraApp/public$1 last;
}
location ^~ /laraApp/public {
    root /var/www/root;
    try_files $uri $uri/ /laraApp/public/index.php?$query_string;
    location ~ \.php$ {
        try_files $uri /laraApp/public/index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
}
I am away from my test system at the moment so the above has not been syntax checked or tested.
Finally I switched to the nginx web server. But every time I access, for example, http://mywebsite.com, it redirects me to https://mywebsite.com. I don't have any SSL options in my server block (vhost). Here is a stripped-down version (only the help comments removed):
server {
    listen 80;
    root /usr/share/nginx/www/mywebsite/htdocs;
    index index.php index.html index.htm;
    server_name mywebsite.com;
    location / {
        try_files $uri $uri/ /index.html;
    }
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param CONTEXT Staging;
        include fastcgi_params;
    }
}
I don't really know if I am looking in the correct place for the bug.
PS: PHP returns me ["SERVER_PROTOCOL"]=> string(8) "HTTP/1.1"
Thanks in advance!
Got it! I found in my /etc/nginx/fastcgi_params the line fastcgi_param HTTPS $https; which I commented out. Now it works fine. Hope that helps someone else.
I have installed nginx on my local machine.
My problem is that I would like to set up a cache for my website.
Help me configure nginx.
This is my configuration:
server
{
    server_name .mywebsite.com;
    access_log /var/log/nginx/example.com.access.log;
    error_log /var/log/nginx/example.com.error.log;
    root /var/www/example.com/html;
    index index.php index.html index.htm;
    # use fastcgi for all php files
    location ~ \.php$
    {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    # deny access to apache .htaccess files
    location ~ /\.ht
    {
        deny all;
    }
}
But I don't have any static content on my local machine.
Help please, best regards.