Protect the backend in Nginx
How can I protect my backend in Nginx?
At the moment there is an increasing number of brute-force password-guessing attacks on the backends of e-commerce platforms, and in some cases the attackers gain access to the backend. We recommend securing your backend as described in this article.
Setting up a configuration file
The admin environment (backend) of a webshop can be shielded with an Nginx configuration: IP addresses on a whitelist are let through, and all other clients receive a 403 (Forbidden) status code.
In our example the admin path is called 'admin' and we want to shield it. Furthermore, we want to add the IP addresses 1.2.3.4 and 4.3.2.1 to the whitelist.
With the example above, we arrive at the following Nginx configuration:
    # Matches /admin and /index.php/admin (the dots are escaped so they only match a literal ".")
    location ~ ^\/(index\.php\/)?(admin) {
        allow 1.2.3.4;   # Whitelist IP address 1
        allow 4.3.2.1;   # Whitelist IP address 2
        deny all;        # Everyone else gets 403 Forbidden
        # @handler is the named location that dispatches the rest of the shop
        try_files $cache_uri $uri $uri/ @handler;
        # Alternative URLs (case-insensitive match); echo_exec requires the Nginx echo module
        location ~* ^\/(index\.php\/)?admin {
            rewrite / /index.php break;
            echo_exec @main;
        }
        location ~ \.php$ {
            echo_exec @main;
        }
    }
We use the URL path 'admin' here, but this can differ for other applications.
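To see what the block above does to an individual request, here is an added example (not part of the original article or the Nginx configuration) that models the two decisions Nginx makes: whether the URI falls under the shielded location, and how allow/deny rules are evaluated in order with the first matching rule deciding. The rule list and the regex are taken from the configuration above; the sample client addresses other than 1.2.3.4 and 4.3.2.1 are constructed.

```python
import ipaddress
import re

# Regex from the article's outer location block (case-sensitive, like nginx "~").
# The optional group makes both "/admin" and "/index.php/admin" match.
BACKEND_LOCATION = re.compile(r"^/(index\.php/)?admin")

# The access rules in the order they appear in the location block.
ACCESS_RULES = [("allow", "1.2.3.4"), ("allow", "4.3.2.1"), ("deny", "all")]


def matches_backend(uri):
    """True when the request URI is handled by the shielded admin location."""
    return BACKEND_LOCATION.match(uri) is not None


def is_allowed(client_ip, rules=ACCESS_RULES):
    """Evaluate allow/deny rules the way ngx_http_access_module does:
    rules are checked top to bottom, the first rule whose address or
    network matches the client decides, and a client that matches no
    rule at all is allowed. Sources may be single IPs, CIDR networks or "all"."""
    client = ipaddress.ip_address(client_ip)
    for action, source in rules:
        if source == "all":
            matched = True
        else:
            matched = client in ipaddress.ip_network(source, strict=False)
        if matched:
            return action == "allow"
    return True  # no rule matched: nginx grants access


def decide(client_ip, uri, rules=ACCESS_RULES):
    """HTTP status the request would receive: 403 for a non-whitelisted
    client on the admin path, 200 (served normally) otherwise."""
    if matches_backend(uri) and not is_allowed(client_ip, rules):
        return 403
    return 200


if __name__ == "__main__":
    # Constructed sample requests: a whitelisted and a foreign client.
    for ip, uri in [("1.2.3.4", "/admin"), ("5.6.7.8", "/admin"),
                    ("5.6.7.8", "/index.php/admin"), ("5.6.7.8", "/catalog")]:
        print(f"{ip:>8} {uri:<20} -> {decide(ip, uri)}")
```

Because the first matching rule wins, placing `deny all;` above the `allow` lines would lock everyone out; `is_allowed` reproduces that ordering effect.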
Do not forget to reload Nginx right after adding the configuration:
$ nginx-reload