Just a quick reply cos I'm on the run, but this might help for #2

location /yourpath/file/whatever {
    # drop the connection/blackhole for this block
    return 444;
}

On 10/11/21 6:32 am, Danran wrote:
> I am running a lemp server which is working and running wordpress quite
> properly. As of now, I have my wordpress web login blacklisted by all IP
> addresses EXCEPT any IP on my lan with the following directive:
>
> server {
>     # Allow local only to wp-login page
>     location ~ /wp-login.php {
>         allow 192.168.1.0/24;
>         deny all;
>         error_page 403 =444;
>         include snippets/fastcgi-php.conf;
>         fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
>         fastcgi_split_path_info ^(.+\.php)(/.+)$;
>
> This directive successfully blocks all internet traffic to
> "mywebsite.com/wp-login.php", which is the wordpress admin login page.
> In other words, with this directive set, I can access the wordpress login
> page anywhere on my internal LAN, but the directive denies any outside
> internet traffic from seeing the "mywebsite.com/wp-login.php" page. GREAT!
>
> 1. NOW, What I want to do, is to whitelist the ip address of my phone (and
> my office computer at work), so that I can access the wordpress login page
> from my phone's IP address and/or my office computer, while still blocking
> any other outside internet traffic. To do so I go to www.whatsmyip.org on my
> phone, copy the ip address that it gives me, then modify the previous
> directive to look like the following:
>
> server {
>     # Allow local only to wp-login page
>     location ~ /wp-login.php {
>         allow my_phones_ip_address_as_shown_on_whatsmyip.org;
>         allow 192.168.1.0/24;
>         deny all;
>         error_page 403 =444;
>         include snippets/fastcgi-php.conf;
>         fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
>         fastcgi_split_path_info ^(.+\.php)(/.+)$;
>
> HOWEVER, after reloading nginx, I still cannot access the wp-login
> (wordpress login) page from my phone.
>
> 2. What I also want to do, is for nginx to completely drop any connection
> that tries to access my wp-login page, instead of giving multiple redirects
> with "error_page 403 =444". I could not find any other way for nginx to
> completely drop the connection to the page if accessed from an outside
> source, and using the "error_page 403 =444" stanza was the closest workaround
> that I could find on the internet. Could someone please advise me on how to
> force nginx to completely drop any connection so it looks like the page
> doesn't exist when accessing it, instead of giving an error message? In
> other words, is there something I can use to replace "error_page 403 =444"
> with a directive that will make the page the user is trying to access
> non-existent?
>
> FOR REFERENCE#1 my nginx.conf has been copied and pasted on pastebin at the
> following link:
> https://pastebin.com/0bUgW0QM
>
> FOR REFERENCE#2 my virtual host configuration has been copied and pasted on
> pastebin at the following link:
> https://pastebin.com/jRC4nNi7
>
> My question is:
> 1) How can I properly whitelist my phone's ip address, while blacklisting
> everything else and..
> 2) How can I force nginx to initiate a dropped connection for blacklisted IP
> addresses, instead of my current "redirection" workaround?
>
> Dan Ran
> d...@nerd-tech.net
> dan@danran.rocks
> https://nerd-tech.net
> https://danran.rocks
>
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,292784,292784#msg-292784
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
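
Added example (not part of either message in this thread): `return 444` runs in nginx's rewrite phase, before `allow`/`deny` are evaluated, so placed directly in the wp-login location it would drop LAN clients too; this configuration gates the drop on a `geo` variable instead. The variable name `$wp_login_allowed` and the address 203.0.113.10 (a documentation-range placeholder for the phone or office IP) are assumptions.

```nginx
# Added example, not from the thread. The geo block belongs in the http {} context.
# geo matches the client address ($remote_addr by default) against the list.
geo $wp_login_allowed {
    default          0;   # everyone else: not allowed
    192.168.1.0/24   1;   # LAN range from the original post
    203.0.113.10     1;   # placeholder: public IP of the phone / office machine
}

server {
    # ... existing listen / server_name / root directives ...

    # Regex locations are tested in the order they appear and the first match
    # wins, so keep this block above any generic "location ~ \.php$" block.
    location ~ ^/wp-login\.php {
        # Allowed clients fall through to PHP-FPM; all others get the
        # connection closed with no response sent (nginx's special code 444).
        if ($wp_login_allowed = 0) {
            return 444;
        }

        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    }
}
```

After editing, `nginx -t` validates the syntax before a reload, and the access log records status 444 for dropped requests, which confirms which source address nginx actually saw for the phone.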