Restrict backend access to only certain IP

Product Support
1

Your software
My Mautic version is: 4.4.9
My PHP versions is: 8.0.30
My Database type and version is: 10.6.12-MariaDB

Your problem
My problem is: I would like to block the access to the login page and only allow our VPN IP. I tried by adding the following to my nginx configuration but I blocked much more than just the login page.

location / {
    # try to serve file directly, fallback to app.php
       allow vpnIP;
       allow 127.0.0.1;
       deny all;
    try_files $uri /index.php$is_args$args;
    location ~ \.php$ {
      include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.0-fpm.sock;
    }
}
3

I guess I solved it like this:

location ~/s/login {
       allow vpnIP;
       deny all;
    try_files $uri /index.php$is_args$args;
}
2 Likes
4

This is a super useful security hardening step.

ChatGPT tells me the code can be modified to only allow specific IP’s to access the login page

location ~/s/login {
    allow 127.0.0.1;
    allow 127.0.0.2;
    deny all;
    try_files $uri /index.php$is_args$args;
}

Can you foresee any complications? Obv one would have to have a static IP.

2 Likes
5

There will be no complications, we do this at my company without any problems

3 Likes
6

This topic was automatically closed 36 hours after the last reply. New replies are no longer allowed.

7

Hey folks, it would be great to write this up for the knowledgebase. Anyone fancy taking that on?