1

I am using nginx and I have installed the geoip-database-contrib package to block access to the /wp-admin location from all countries except a few preferred ones.

location /wp-admin {
  if ($allowed_country = no) {
    return 403;
  }
}

It works fine when trying to open this page in a browser. But I can still see many POST requests in access.log, and failed login requests from rejected countries in the WordPress logs. Is it possible to use the geoip-database-contrib module for POST requests as well?

I tried:

location /wp-admin {
  if ($allowed_country = no) {
    deny all;
  }
}

but after a reload nginx doesn't start at all. Do you have any ideas how to block all requests only for the location /wp-admin? I don't want to block traffic at the firewall level, because all countries should have access to the web site, but I want to limit requests to admin.

I know that I could permit requests only from some IP addresses, but I need to access admin from several places where I have dynamically assigned IPs.

Thank you very much for your ideas.

1 Answer

0
sudo apt-get install geoip-database libgeoip1

You need this additional block. Put it within the http{} block, above the server{} block:

# Whitelist Country to access Web admin
geoip_country /usr/share/GeoIP/GeoIP.dat; # Please download database and put the correct path here
map $geoip_country_code $allowed_country {
    default no;
    PH yes;
}

Then inside the server{} block you can put this

location /wp-admin {
  if ($allowed_country = no) {
    return 444;
  }
}

It works on a folder (ex: http://domain/folder_name), but when I try to deny a specific .php file (http://domain/folder_name_2/filename.php), it does not work; the browser is forced to download the PHP file! I'm trying to find a solution.

Dylan B
  • 101
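
Added example, not part of the question or the answer above: one way to apply the country check to every request method and to the PHP entry points that a plain "location /wp-admin" does not cover. The variable names $admin_uri and $deny_admin, the server_name, and the presence of a regex "location ~ \.php$" handler in the site config are assumptions.

```nginx
# Added example. Assumptions: PH is the allowed country (as in the answer),
# the site has a typical "location ~ \.php$" handler, and the names
# $admin_uri and $deny_admin are hypothetical.

# --- http{} context ---
geoip_country /usr/share/GeoIP/GeoIP.dat;

map $geoip_country_code $allowed_country {
    default no;
    PH      yes;
}

# 1 for every URI that reaches the admin area or the login form.
# "location /wp-admin" on its own misses these cases:
#   /wp-login.php    is outside /wp-admin, so login POSTs never match it
#   /wp-admin/*.php  is handed to a regex "location ~ \.php$", because a
#                    matching regex location wins over a plain prefix match
map $uri $admin_uri {
    default             0;
    ~^/wp-admin(/|$)    1;
    /wp-login.php       1;
}

# Combine both decisions so the server block needs a single test.
map "$admin_uri:$allowed_country" $deny_admin {
    default 0;
    "1:no"  1;
}

# --- server{} context ---
server {
    listen 80;
    server_name example.test;   # placeholder

    # Evaluated before a location is chosen, for every method (GET, POST, ...).
    # "return" is allowed inside "if"; "deny" is not, which is why the
    # "deny all" variant in the question fails the configuration check.
    if ($deny_admin) {
        return 403;
    }

    # existing location blocks (/, ~ \.php$, ...) stay unchanged
}
```

If public pages call /wp-admin/admin-ajax.php for visitors from other countries, add the line "/wp-admin/admin-ajax.php 0;" to the $admin_uri map; an exact string in a map takes precedence over a regex. Check the result with nginx -t before reloading.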