Hi all,
Have recently moved my WP based website under NginX behind an Amazon ELB. Whilst IP restriction to wp-admin & wp-login was previously working, I'm now having issue restricting to my IP's only, due to the X-Forwarded-For of the load balancer.
I've tried so many options but I can't seem to find a working example for being behind a load balancer.
Any ideas?
Below are some of the variations in my nginx site.conf. The closest I can do is geting it to restrict the IP correctly unless it's in my allow IP's list, but if it is, instead of parsing wp-admin or wp-login normally in browser, it just prompts me to download the file... examples i've tried:
-----
location ~* ^/(wp-admin|wp-login) {
allow <my-ip>;
deny all;
}
----
Deny access to admin pages
location ~ ^/(wp-admin|wp-login\.php) {
set $allow false;
if ( $remote_addr ~ <my-ip> ) {
set $allow true;
}
if ($allow = false) {
return 403;
}
}
-----
location ~ ^/(wp-admin|wp-login\.php) {
set $allow false;
if ( $http_x_forwarded_for ~ ^my.\ip\ ) {
set $allow true;
}
if ($allow = false) {
return 403;
}
}
-----
if ( $http_x_forwarded_for != ^my\.ip\. && location ~ "^/wp-admin\.php" ) {
error 404 "Not the droids you are looking for...";
}
-----
I'm at a loss, if anyone has this working in full could you please let me know what is required in configuring NginX for this situation?
Have recently moved my WP based website under NginX behind an Amazon ELB. Whilst IP restriction to wp-admin & wp-login was previously working, I'm now having issue restricting to my IP's only, due to the X-Forwarded-For of the load balancer.
I've tried so many options but I can't seem to find a working example for being behind a load balancer.
Any ideas?
Below are some of the variations in my nginx site.conf. The closest I can do is geting it to restrict the IP correctly unless it's in my allow IP's list, but if it is, instead of parsing wp-admin or wp-login normally in browser, it just prompts me to download the file... examples i've tried:
-----
location ~* ^/(wp-admin|wp-login) {
allow <my-ip>;
deny all;
}
----
Deny access to admin pages
location ~ ^/(wp-admin|wp-login\.php) {
set $allow false;
if ( $remote_addr ~ <my-ip> ) {
set $allow true;
}
if ($allow = false) {
return 403;
}
}
-----
location ~ ^/(wp-admin|wp-login\.php) {
set $allow false;
if ( $http_x_forwarded_for ~ ^my.\ip\ ) {
set $allow true;
}
if ($allow = false) {
return 403;
}
}
-----
if ( $http_x_forwarded_for != ^my\.ip\. && location ~ "^/wp-admin\.php" ) {
error 404 "Not the droids you are looking for...";
}
-----
I'm at a loss, if anyone has this working in full could you please let me know what is required in configuring NginX for this situation?