Welcome! Log In Create A New Profile

Advanced

allow phone ip address wordpresss admin access, deny any other ip address

Posted by Danran 
allow phone ip address wordpresss admin access, deny any other ip address
October 20, 2021 03:21AM
I am running a lemp server which is working and running wordpress quite properly. As of now, I have my wordpress web login blacklisted by all IP addresses EXCEPT any IP on my lan with the following directive:

server {
# Allow local only to wp-login page
location ~ /wp-login.php {
allow 192.168.1.0/24;
deny all;
error_page 403 =444;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.+)$;

This directive sucessfully blocks all internet traffic to "mywebsite.com/wp-login.php", which is the wordpress admin login page.
In other words, with this directive set, I can access the wordpress login page anywhere on my internal LAN, but the directive denys any outside internet traffic from seeing the "mywebsite.com/wp-login.php" page. GREAT!

1. NOW, What I want to do, is to whitelist the ip address of my phone, so that I can access the wordpress login page from my phone's IP address, while still blocking any other outside internet traffic. To do so go to www.whatsmyip.org on my phone, copy the ip address that it gives me, then modify the previous directive to look like the following:

server {
# Allow local only to wp-login page
location ~ /wp-login.php {
allow my_phones_ip_address_as_shown_on_whatsmyip.org;
allow 192.168.1.0/24;
deny all;
error_page 403 =444;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.+)$;

HOWEVER, after reloading nginx, I still cannot access the wp-login (wordpress login) page from my phone.

2. What I also want to do, is for nginx to completely drop any connection that tries to access my wp-login page, instead of giving multiple redirects with "error_page 403 =444". I could not find any other way for nginx to completely drop the connection to the page if accessed from an outside source, and using the "error_page 403 =444" stanza was the closes workaround that I could find on the internet. Could someone please advise me on how to force nginx to completely drop any connection so it looks like the page doesn't exist when accessing it, instead of giving an error message? In other words, is there something I can use to replace "error_page 403 =444" with a directive that will make the page the user is trying to access non-existent?

FOR REFERENCE#1 my nginx.conf has been copied and pasted on pastebin at the following link:
[link]https://pastebin.com/0bUgW0QM[/link]

FOR REFERENCE#2 my virtual host configuration has been copied and pasted on pastebin at the following link:
[link]https://pastebin.com/jRC4nNi7[/link]

My question is:
1) How can I properly whitelist my phones ip address, while blacklisting everything else and..
2) How can I force nginx to initiate a dropped connection for blacklisted IP addresses, instead of my current "redirection" workaround?

Dan Ran
https://nerd-tech.net
https://danran.rocks
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 40
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready