I'm using OctoberCMS and NGINX.
I want to secure the site's Backend Signin url with a random generated key and NGINX sites-available.
The only way to get to the Signin page is use the secure key in the url or bookmark it.
Secure Key
I have this code which worked with Joomla when using the /administrator path.
Though OctoberCMS uses /backend/backend/auth/signin.
if ($http_referer !~ "^/backend/backend/auth/signin"){
set $rule_0 1$rule_0;
}
if ($args !~ "^vhXmdqLx1lkNQ46f5egC"){
set $rule_0 2$rule_0;
}
if ($rule_0 = "21"){
rewrite ^/.*backend/backend/auth/signin/? /404 redirect;
}
It works on the Signin page, but once logged in it redirects to 404, because other pages in /backend are not included in the code.
Wildcard
I tried adding a wildcard (*) to the uri like this, but it gave the same 404 result:
if ($http_referer !~ "^/backend/backend.*"){
set $rule_0 1$rule_0;
}
if ($args !~ "^vhXmdqLx1lkNQ46f5egC"){
set $rule_0 2$rule_0;
}
if ($rule_0 = "21"){
rewrite ^/.*backend/backend.*/? /404 redirect;
}
Notes:
- The secure key is just an example I generated, not the real key.
- Trying
/backendinstead of/backend/backendruined the backend's css url's, because the css links in the html were requiring the secure key.
