403 on allowed IP
December 17, 2015 11:12AM
I have a WordPress website and am trying to restrict access to wp-admin via nginx config. I can success block access to wp-admin, however when attempting to access wp-admin from an allowed IP address, I still receive a 403 error. Please help! My configuration looks as follows:

map_hash_bucket_size 128;

map $uri $new {
include /etc/nginx/vhost.d/redirection.map
}

server {
listen 80;
server_name www.website.com website.com

if ($new) {
rewrite ^ $new;
}
rewrite ^/blog/(?<post>(?!page/).+)$ /$post/;

return 301 https://www,website.com$uri
}

server {
listen 443 ssl http2;
server_name www.website.com website.com;
root /usr/share/nginx/html/website;

access_log /var/log/nginx/website.access.https.log;
error_log /var/log/nginx/website.error.https.log;

ssl_certificate /etc/pki/tls/certs/website_chained.crt;
ssl_certificate_key /etc/pki/tls/private/website.key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:5m;
ssl_dhparam /etc/pki/tls/private/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_ciphers 'crazy cipher here';

ssl_prefer_server_ciphers on;

add_header Strict-Transport-Security max-age=15768000;

ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/pki/tls/certs/sf_bundle-g2.crt;

resolver XX.XXX.XXX.X X.X.X.X; <--- obviously real IP addresses

if ($new) {
rewrite ^ $new permanent;
}
rewrite ^/blog/(?<post>(?!page/).+)$ /$post/ permanent;

location ~ /(\.|wp-config.php|wp-comments-post.php|readme.html|license.txt) {
deny all;
}

location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
return 444;
}

location ~* \.(pl|cgi|py|sh|lua)\$ {
return 444;
}

add_header X-Clacks-Overhead "GNU Terry Pratchett" always;
add_header X-Powered-By "Dilithium" always;

location / {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;

if ( $request_method !~ ^(GET|HEAD|POST)$ ) {
return 444;
}
}

location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}

location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
expires 30d;
add_header Pragma public;
add_header Cache-Control "public";
}

location /wp-admin/ {
allow XXX.XX.XXX.XXX;
allow XX.XXX.XXX.0/24;
deny all;
}

location /wp-admin/admin-ajax.php {
allow all;
}
}

Any ideas?
Re: 403 on allowed IP
September 15, 2016 03:34PM
Did you ever get this figured out? I'm running into the same problem. Thanks!
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 103
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready