Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Block all user/content edition path #79

Open
heyyo-droid opened this issue Feb 6, 2023 · 0 comments
Open

Block all user/content edition path #79

heyyo-droid opened this issue Feb 6, 2023 · 0 comments

Comments

@heyyo-droid
Copy link

Hi,
I'm trying to secure a website, where we have a front server and back server.
Only back should allow the access to any edition.

I used NGINX_SERVER_EXTRA_CONF_FILEPATH to set an additional Nginx conf.

Something like this works pretty good:

location ~* "^/([a-z]{2}/)?(user|admin|node|media|file)" {
  return 404;
}

It blocks path like:
any path starting /user (/user/login, /user/register...)
any path starting with /admin
or node/XX node/XX/edit ...

I have 2 remaining issues:

  1. how to block routes which already have nginx location definition in nginx wodby.

For example: /cron or /update.php

  1. And how to improve my first rules to also blocks path prefix coming from domain sub folder with module country path.
    for example /london/user
    My list of sub domains is not known, it managed in content.

Any idea is welcome. Thanks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@heyyo-droid