Protect the backend in Nginx

Pack Hosting Panel

At the moment, there is an increasing number of brute force password guessing attacks performed on backends of e-commerce platforms. In some cases, it may happen they get access to the backend. We recommend to secure your backend following this article.

Setting up a configuration file

The admin-environment / backend of a webshop can be shielded by a Nginx configuration. You can add IP addresses to a whitelist, the rest will get a 403 status code (forbidden).

In our example, the admin is called 'admin' and we would like to shield it. Furthermore, we would like to add IP addresses 1.2.3.4 and 4.3.2.1 to the whitelist.

With the example above, we come to the following Nginx configuration:

location ~ ^\/(index.php\/)?(admin) {

    allow 1.2.3.4;  # Whitelist IP-adress 1
    allow 4.3.2.1;  # Whitelist IP-adress 2

    deny all;

    try_files $cache_uri $uri $uri/ @handler;

    # Alternative urls
    location ~* ^\/(index.php\/)?admin {
        rewrite / /index.php break;
        echo_exec @main;
    }

    location ~ \.php$ {
        echo_exec @main;
    }
}

We use the url path admin but this can be different for any other application.

Do not forget to reload the Nginx service right after adding the Nginx configuration:

$ nginx-reload

Protect the backend in Nginx

How can I protect my backend in Nginx?

Setting up a configuration file

Hipex Docs