-1

My website is at https://www.example.com and I have a CMS Panel at

https://www.example.com/administrator -> 301 ->
https://www.example.com/administrator/ -> 302
https://www.example.com/administrator/Login.aspx?Session=Out

And I am trying to restrict the access to /administrator but this is not working - Can someone please help?

location ~*/administrator {
allow 10.0.0.0/8;
deny all;
}

here are the logs

192.168.5.232 - - [20/Apr/2023:09:17:57 +0530] "GET /administrator/ HTTP/2.0" 302 154 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"
192.168.5.232 - - [20/Apr/2023:09:17:57 +0530] "GET /administrator/Login.aspx?Session=Out HTTP/2.0" 200 2448 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"

Here are error logs

2023/04/20 09:15:34 [notice] 4810#4810: *467 "GET|HEAD|POST" matches "GET", client: 192.168.5.232, server: example.com, request: "GET /administrator/error HTTP/2.0", host: "www.example.com", referrer: "https://www.example.com/administrator/Login.aspx?Session=Out"
2023/04/20 09:17:57 [notice] 4962#4962: *513 "GET|HEAD|POST" matches "GET", client: 192.168.5.232, server: example.com, request: "GET /administrator/ HTTP/2.0", host: "www.example.com"
2023/04/20 09:17:57 [notice] 4962#4962: *513 "GET|HEAD|POST" matches "GET", client: 192.168.5.232, server: example.com, request: "GET /administrator/Login.aspx?Session=Out HTTP/2.0", host: "www.example.com"
HBruijn
  • 77,029
  • 24
  • 135
  • 201
Blason R
  • 29
  • 3
  • Questions involving web hosting control panels are off-topic because they customize their systems so that standard system administration methods no longer apply. Some related topics may be asked on Webmasters or see Where can I ask questions about web hosting control panels? – TomTom Apr 20 '23 at 04:08
  • 1
    This is not related to web hosting control panel but challenge in configuration on reverse proxy in nginx. Its an nginx issue hence I posted here. – Blason R Apr 20 '23 at 04:19

1 Answers1

1

You don't need regular expressions here. Just the directory should do it

location /administrator/ {
allow 10.0.0.0/8;
deny all;
}

And you were missing a blank after ~*, which was most probably the actual problem.

Gerald Schneider
  • 23,274
  • 8
  • 57
  • 89
  • Let me see if that works? Since I guess I already tried that but it did not work. – Blason R Apr 20 '23 at 11:19
  • Nah its still not working location ^~ /(administrator|Administrator|Login\.aspx) { allow 49.36.10.215; deny all; return 403; } – Blason R Apr 21 '23 at 03:43