Restrict access to admin area by IP

You can place the following codes into your .htaccess file:-

RewriteCond %{REQUEST_URI} ^/(index.php/)?admin/ [NC]
RewriteCond %{REMOTE_ADDR} !^1\.1\.1\.1
RewriteRule ^(.*)$ http://%{HTTP_HOST}/ [R=302,L]

Where 1.1.1.1 is your IP address.

* For the last line, make sure that there's no spacing between http:// and %{HTTP_HOST}/. StackExchange doesn't allow the code http://% to be posted so I have to add a spacing in between.

Multiples are handled by adding another match line

RewriteCond %{REQUEST_URI} ^/(index.php/)?admin(.*) [NC] 
RewriteCond %{REMOTE_ADDR} !^10\.1\.1\.10
RewriteCond %{REMOTE_ADDR} !^10\.2\.1\.10
RewriteRule .* - [F,L]

Basically it translates to if this url regex, and not these addresses, then 403, you're out of here.

In case anyone uses Nginx:

location ~* ^/(index\.php/bcknd|bcknd) {
    allow 1.1.1.1;

    try_files $uri $uri/ /index.php?$args;
    location ~* \.php$ { try_files /dummy @proxy; }
    deny all;
}

Restrict access to admin area by IP

Tags:

Security

Admin

Htaccess

Related

Recent Posts