Block all user/content edition path #79
Description
Hi,
I'm trying to secure a website, where we have a front server and back server.
Only back should allow the access to any edition.
I used NGINX_SERVER_EXTRA_CONF_FILEPATH to set an additional Nginx conf.
Something like this works pretty good:
location ~* "^/([a-z]{2}/)?(user|admin|node|media|file)" {
return 404;
}
It blocks path like:
any path starting /user (/user/login, /user/register...)
any path starting with /admin
or node/XX node/XX/edit ...
I have 2 remaining issues:
- how to block routes which already have nginx location definition in nginx wodby.
For example: /cron or /update.php
- And how to improve my first rules to also blocks path prefix coming from domain sub folder with module country path.
for example /london/user
My list of sub domains is not known, it managed in content.
Any idea is welcome. Thanks