cancel
Showing results for 
Search instead for 
Did you mean: 

How to restrict access to Magento admin area by IP Address (Nginx)?

How to restrict access to Magento admin area by IP Address (Nginx)?

I  have tried 2 methods, both are not working:

 

location ~* ^/(index\.php/admin|admin) {
    allow 1.1.1.1;

    try_files $uri $uri/ /index.php?$args;
    location ~* \.php$ { try_files /dummy @proxy; }
    deny all;
}
location ~ "^/admin_" {

    allow 1.2.3.4;
    allow 1.2.3.5;
    allow 1.2.3.6;
    deny all;

    fastcgi_pass   unix:/var/run/php-fpm/example.com.sock;
    fastcgi_buffers 1024 4k;
    fastcgi_buffer_size 128k;

    fastcgi_param  PHP_FLAG  "session.auto_start=off \n suhosin.session.cryptua=off";
    fastcgi_param  PHP_VALUE "memory_limit=4G \n max_execution_time=600 \n max_input_vars=100000";
    fastcgi_read_timeout 600s;
    fastcgi_connect_timeout 600s;

    fastcgi_param  SCRIPT_FILENAME  $document_root/index.php;
    include        fastcgi_params;
}

I am using magento 2.3.6, and magento 2.4.2, and I plan to store ips in a text file, and ban all ips in the text.

 

tks.

4 REPLIES 4

Re: How to restrict access to Magento admin area by IP Address (Nginx)?

Hello @sinobest ,
have you checked the following blog? 

https://www.getastra.com/blog/cms/magento-security/restrict-access-magento-admin-area-ip-address-hta...

it has steps for both apache and Nginx.
Or try with the below code in your Nginx.conf file 

location ~* ^/(index\.php/bcknd|bcknd) {
    allow 1.1.1.1;

    try_files $uri $uri/ /index.php?$args;
    location ~* \.php$ { try_files /dummy @proxy; }
    deny all;
}

Thank You.
problem solved ? Accept as a solution and click kudos

Re: How to restrict access to Magento admin area by IP Address (Nginx)?

Before I tried the code under magento 2.4.2, the codes do not work. I have tried the codes again under Magento 2.3.6, the codes work wonderful.

Would you please retry the codes under magento 2.4.2? 

Re: How to restrict access to Magento admin area by IP Address (Nginx)?

Hello @sinobest ,

Are you getting any errors in  2.4.2?

If so share your errors here 
Thank you.

Re: How to restrict access to Magento admin area by IP Address (Nginx)?

not working under magento 2.4