Disallow access to Drupal /user and /admin with Nginx
You may want to disallow access to the login pages and admin URLs on your primary domain for security reasons (and then not have these rules on an alternate domain name, potentially only accessible by VPN).
In Nginx, this is pretty simple to do, and this will also cover non-pretty-URLs as well:
# Disallow access to user and admin URIs
location ^~ /user { return 404; }
location ^~ /admin { return 404; }
if ($arg_q ~ "^user") { return 404; }
if ($arg_q ~ "^admin") { return 404; }
To do this in Apache, see http://www.acquia.com/blog/protecting-drupals-fleshy-underbelly-htaccess
Written by Alan Ivey
Related protips
1 Response
i can not get this to work. It is because nginx is looking for a physical directory to block where as Drupal is creating the /user folder internally?
over 1 year ago
·
Have a fresh tip? Share with Coderwall community!
Post
Post a tip
Best
#Drupal
Authors
Sponsored by #native_company# — Learn More
#native_title#
#native_desc#