Last Updated: September 28, 2017
·
1.548K
· alanthing

Disallow access to Drupal /user and /admin with Nginx

You may want to disallow access to the login pages and admin URLs on your primary domain for security reasons (and then not have these rules on an alternate domain name, potentially only accessible by VPN).

In Nginx, this is pretty simple to do, and this will also cover non-pretty-URLs as well:

# Disallow access to user and admin URIs
location ^~ /user { return 404; }
location ^~ /admin { return 404; }
if ($arg_q ~ "^user") { return 404; }
if ($arg_q ~ "^admin") { return 404; }

To do this in Apache, see http://www.acquia.com/blog/protecting-drupals-fleshy-underbelly-htaccess

1 Response
Add your response

i can not get this to work. It is because nginx is looking for a physical directory to block where as Drupal is creating the /user folder internally?

over 1 year ago ·