Restrict backend access to only certain IP

Your software
My Mautic version is: 4.4.9
My PHP versions is: 8.0.30
My Database type and version is: 10.6.12-MariaDB

Your problem
My problem is: I would like to block the access to the login page and only allow our VPN IP. I tried by adding the following to my nginx configuration but I blocked much more than just the login page.

location / {
    # try to serve file directly, fallback to app.php
       allow vpnIP;
       allow 127.0.0.1;
       deny all;
    try_files $uri /index.php$is_args$args;
    location ~ \.php$ {
      include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.0-fpm.sock;
    }
}

I guess I solved it like this:

location ~/s/login {
       allow vpnIP;
       deny all;
    try_files $uri /index.php$is_args$args;
}

This is a super useful security hardening step.

ChatGPT tells me the code can be modified to only allow specific IP’s to access the login page

location ~/s/login {
    allow 127.0.0.1;
    allow 127.0.0.2;
    deny all;
    try_files $uri /index.php$is_args$args;
}

Can you foresee any complications? Obv one would have to have a static IP.

There will be no complications, we do this at my company without any problems

Hey folks, it would be great to write this up for the knowledgebase. Anyone fancy taking that on?