nginx&cloudflare – allow ip to directory

SUPZ!

One of my blogs is getting lots of login attempts from HACKERS :>

Only allow specific IP to access a specific directory

Inside the configuration of the domain (ex. /etc/nginx/sites-enabled/playboy.com), lets add the following entries – this will allow IP 84.91.XXX.XXX to wp-admin folder and block all the others

 location /full_movies/ {
      allow 84.91.XXX.XXX;
      deny all;
 }

This should to the trick! but if we are using cloudflare the domain we need to add some lines at our nginx.conf (/etc/nginx/nginx.conf) so nginx reads the correct IP from the visitor…
Inside http { lets add the following

set_real_ip_from 204.93.240.0/24;
set_real_ip_from 204.93.177.0/24;
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
real_ip_header CF-Connecting-IP;

Horray!

To protect your wordpress login & wp-admin…

  location ~ '(/wp-login.php|/wp-admin)' {
            allow 84.91.4.220;
            deny all;
        }

This might affect your theme/plugins.
It protects /wp-admin/wp-ajax.php….

Leave a Reply

Your email address will not be published. Required fields are marked *

*