
I want to restrict access to the WordPress backend.
When I add the following directives to the configuration below, every IP address gets a 403 error,
even when I visit the page from my 68.xx.xx.xxx VPN IP address.

Any guess of why my IP is blocked?

I’ve added the following code to my Nginx configuration for my Azure app to restrict access to some WP folders and files:

# Restrict the WordPress admin area and login page to a single client address.
# allow/deny are evaluated against the address nginx sees for the connection;
# NOTE(review): behind a reverse proxy that is the proxy's address, not the visitor's.
location ~ ^/(wp-admin|wp-login.php) {
       allow xx.xx.xx.xxx;
       deny all;               
   }

Full code :

# WordPress site served by nginx, with PHP handed to a FastCGI backend.
server {
        # NOTE(review): only plain HTTP is configured in this block; confirm TLS is
        # terminated in front of nginx before admin logins pass through it.
        listen 80;
        ## Your website name goes here.
        server_name mywebsite;

        ## Your only path reference.
        root /var/www/wordpress;
        ## This should be in your http block and if it is, it's not needed here.
        index index.php;

        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }

        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }

        # Add locations of phpmyadmin here.
        # NOTE(review): no allow/deny is set for /phpmyadmin, so the wp-admin
        # restriction further down does not cover it.
        location /phpmyadmin {
                root /home/;
                index index.php index.html index.htm;
                # NOTE(review): the dot before "php" is unescaped and matches any character.
                location ~ ^/phpmyadmin/(.+.php)$ {
                        try_files $uri =404;
                        root /home/;
                        fastcgi_pass unix:/var/run/php/php-fpm.sock;
                        fastcgi_index index.php;
                        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                        include /etc/nginx/fastcgi_params;
                }
                location ~* ^/phpmyadmin/(.+.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                        root /home/;
                }
        }

        # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
        sendfile off;
        # $skip_cache starts at 0 and is set to 1 by the conditions below; the PHP
        # location passes it to fastcgi_cache_bypass and fastcgi_no_cache.
        set $skip_cache 0;

        # POST requests and urls with a query string should always go to PHP
        if ($request_method = POST) {
                set $skip_cache 1;
        }

        if ($query_string != "") {
                set $skip_cache 1;
        }

        # Don't cache uris containing the following segments
        if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
                set $skip_cache 1;
        }

        # Don't use the cache for logged in users or recent commenters
        if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
                set $skip_cache 1;
        }

        # Don't cache WooCommerce URLs
        # Cart widgets are still a problem: https://github.com/emcniece/docker-wordpress/issues/3
        if ($request_uri ~* "/(cart|checkout|my-account)/*$") {
                set $skip_cache 1;
        }

        location / {
                # This is cool because no php is touched for static content.
                # include the "?$args" part so non-default permalinks doesn't break when using query string
                try_files $uri $uri/ /index.php?$args;
        }

# Restrict the admin area and login page to one client address.
# allow/deny compare against the connection's source address.
# NOTE(review): behind a reverse proxy that is the proxy's address, which would
# produce a 403 for every visitor.
# Regex locations are tried in the order written, and this one comes before the
# generic PHP location below, so /wp-login.php and PHP files under /wp-admin are
# handled here. NOTE(review): no fastcgi_pass is set in this block; check that
# PHP under these paths is still executed rather than returned as a file.
location ~ ^/(wp-admin|wp-login.php) {
       allow xx.xx.xx.xxx;
       deny all;               
   }

        # NOTE(review): the dot is unescaped, so this matches any URI ending in
        # "php" preceded by any character, not only ".php".
        location ~* .php$ {
                #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
                include fastcgi.conf;
                include fastcgi_params;
                fastcgi_intercept_errors on;
                fastcgi_pass php;

                fastcgi_read_timeout 300;
                fastcgi_cache_bypass $skip_cache;
                fastcgi_no_cache $skip_cache;
                fastcgi_cache off;
                fastcgi_cache_valid 60m;                
        }

        # Static assets: far-future expiry, and no error-log entry when one is missing.
        location ~* .(js|css|png|jpg|jpeg|gif|ico)$ {
                expires max;
                log_not_found off;
        }
}

2

Answers


  1. Chosen as BEST ANSWER

    Issue resolved! Because I was behind a reverse proxy, I needed to add these lines to the location block:

    # Behind a reverse proxy nginx sees the proxy's address as the client, so an
    # allow rule for the visitor's IP never matches. The realip module replaces
    # that address with the one taken from the header named here.
    real_ip_header X-Forwarded-For;
    # Trust only the proxy's own address (or range) here: any host listed can set
    # X-Forwarded-For and thereby choose the IP that allow/deny evaluates.
    set_real_ip_from 169.xx.xx.xx; # proxy address here
    

  2. I tried the same setup and made some changes to the code given above. Everything in it looks fine; I only changed the syntax of the location block, as shown below.

    Modification to the location block:

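    # Limit the WordPress admin area and login page to one client address.
    # Behind a reverse proxy, allow/deny only see the visitor's address after the
    # realip module has restored it; otherwise every request appears to come
    # from the proxy and is denied.
    # The dot in "wp-login\.php" is escaped, and "wp-admin" must be followed by
    # "/" or the end of the URI, so unrelated paths are not matched.
    location ~ ^/(wp-admin(/|$)|wp-login\.php) {
        allow 68.84.18.107; # Replace with your actual IP address
        deny all;

        # Hand only PHP scripts to FastCGI; CSS, JS and images under /wp-admin/
        # are served as files. The allow/deny rules above are inherited here.
        location ~ \.php$ {
            include fastcgi_params; # Make sure to include this line
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # Include this line as well if not already present
            fastcgi_pass php;
        }
    }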
    
    • In the web app, go to Networking > Access Restrictions; there I configured IP address access restrictions for the advanced tool site as per my requirement.

    enter image description here

    • Reload or restart Nginx for the configuration to take effect.
      sudo service nginx reload

    Here is the full code for the reference.

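    # Redirect all plain-HTTP requests to the HTTPS site.
    server {
        listen 80;
        listen [::]:80;
        server_name yourdomain.com www.yourdomain.com;
        # Redirect to this site's own host name; a hard-coded foreign domain here
        # would send every visitor to someone else's server.
        return 301 https://yourdomain.com$request_uri;
    }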
    
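    # HTTPS site: WordPress with the admin area and login page limited by client address.
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name yourdomain.com;

        ssl_certificate "/etc/nginx/ssl/ca_full.crt";
        ssl_certificate_key "/etc/nginx/ssl/private.key";

        # SSL configuration

        # NOTE(review): $skip_cache is used in the PHP location below but is not set
        # in this block; keep the `set $skip_cache ...` rules from the original
        # config, or nginx will reject the unknown variable.

        # NOTE(review): if nginx sits behind a reverse proxy or load balancer, the
        # allow/deny rules below see the proxy's address. Restore the client address
        # with the realip module (set_real_ip_from / real_ip_header) and list only
        # the proxy's own address as trusted, since a trusted host can set the
        # header to any value.

        location / {
            # Your existing configuration for the main site
            # ...
        }

        # Keep this above the generic PHP location: nginx uses the first regex
        # location that matches, so admin and login requests must be caught here.
        location ~ ^/(wp-admin(/|$)|wp-login\.php) {
            allow xx.xx.xx.xxx;  # Replace with your allowed IP address
            deny all;

            # Only PHP scripts go to FastCGI; static files under /wp-admin/ are
            # served directly. The allow/deny rules above are inherited here.
            location ~ \.php$ {
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_pass php;
            }
        }

        # Dots are escaped so the patterns match a literal ".php" / ".js" suffix.
        location ~* \.php$ {
            include fastcgi.conf;
            include fastcgi_params;
            fastcgi_intercept_errors on;
            fastcgi_pass php;
            fastcgi_read_timeout 300;
            fastcgi_cache_bypass $skip_cache;
            fastcgi_no_cache $skip_cache;
            fastcgi_cache off;
            fastcgi_cache_valid 60m;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
            expires max;
            log_not_found off;
        }
    }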
    

    Restricted:
    enter image description here

    Redirected:
    enter image description here
