
How to hide access to admin panel



Starting from KVS 4.0.0 it is possible to configure the admin panel to be available via a URL other than /admin. Here is how.


 

Step 1. Open /admin/.htaccess file for editing and uncomment (remove #) the following lines. If you don't have them in your /admin/.htaccess, that means your project was started with an earlier version and you simply need to add them at the very end:

RewriteCond %{ENV:REDIRECT_STATUS} !200
RewriteCond %{REQUEST_URI} ^/admin
RewriteCond %{REMOTE_ADDR} !^88.85.69
RewriteCond %{HTTP:X-REAL-IP} !^88.85.69
RewriteRule ^.*$ - [R=404,L]

In the same file comment out (add #) line starting with ErrorDocument 404:

#ErrorDocument 404 "404 / not found"

NOTE: this configuration is designed to allow KVS support engineers to access your admin panel via standard /admin URL, while all other users including yourself will see 404 error. We will not provide any support if we are not able to access your admin panel via standard /admin URL, so please do not alter this configuration.

 

Step 2. Create a symlink on your server's filesystem pointing from your new folder to the existing /admin folder. You can do that via your server panel or via command line. Via command line you should first CD to your project folder and then execute the following LN command:

ln -s admin abcde

 

Step 3. In /admin/include/setup.php add the following line:

$config['admin_url']="$config[project_url]/abcde";

 

Step 4. Now you should be able to access your admin panel only via this URL:

http://domain.com/abcde/

You can replace abcde with anything you want. You should get 404 error when you try to access via standard admin panel URL:

http://domain.com/admin/

NOTE: In some cases your web server (Apache or Nginx or both) may be configured to disallow using symlinks. If you see 403 errors when trying to access admin panel via the new URL, please ask host support to allow symlinks, otherwise you won't be able to hide admin panel main URL.

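A file-level check of Steps 1 to 4 above, as an added example that is not part of the original post and is not KVS code. The function names (check_admin_hiding, has_active_line, fail) are assumptions made for this example; the paths, rewrite lines and the abcde folder name are the ones given in the post.

```shell
#!/bin/sh
# Added example, not KVS code: audit a project directory against Steps 1-4.
# Function and variable names here are assumptions made for this example.

fail() { echo "FAIL: $1" >&2; failures=$((failures + 1)); }

# True when file $2 has $1 as an active (uncommented) line; leading and
# trailing whitespace, including CR line endings, is ignored.
has_active_line() {
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//' "$2" 2>/dev/null | grep -qxF -- "$1"
}

# Usage: check_admin_hiding <project_dir> <new_folder_name>
# Returns 0 when every check passes, otherwise the number of failed checks.
check_admin_hiding() {
    project=$1; alias_name=$2; failures=0
    htaccess="$project/admin/.htaccess"
    setup="$project/admin/include/setup.php"

    # Step 1: the five rewrite lines must be present and uncommented ...
    while IFS= read -r rule; do
        has_active_line "$rule" "$htaccess" || fail "Step 1: not active: $rule"
    done <<'EOF'
RewriteCond %{ENV:REDIRECT_STATUS} !200
RewriteCond %{REQUEST_URI} ^/admin
RewriteCond %{REMOTE_ADDR} !^88.85.69
RewriteCond %{HTTP:X-REAL-IP} !^88.85.69
RewriteRule ^.*$ - [R=404,L]
EOF
    # ... and the ErrorDocument 404 line must be commented out.
    grep -Eq '^[[:space:]]*ErrorDocument[[:space:]]+404' "$htaccess" 2>/dev/null &&
        fail "Step 1: ErrorDocument 404 is still active"

    # Step 2: the new folder must be a symlink that resolves to admin.
    [ -L "$project/$alias_name" ] && [ -d "$project/admin" ] &&
        [ "$(cd "$project/$alias_name" 2>/dev/null && pwd -P)" = \
          "$(cd "$project/admin" 2>/dev/null && pwd -P)" ] ||
        fail "Step 2: $alias_name is not a symlink to admin"

    # Step 3: setup.php must point admin_url at the new folder.
    has_active_line "\$config['admin_url']=\"\$config[project_url]/$alias_name\";" "$setup" ||
        fail "Step 3: admin_url is not set to /$alias_name"

    return "$failures"
}

if [ $# -eq 2 ]; then check_admin_hiding "$1" "$2"; fi
```

The script inspects files only; it does not confirm that the web server is allowed to follow symlinks, which is the 403 case described in the NOTE above.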

  • 2 years later...
  • 3 months later...

Hello,
Firstly, the conditions and rules you mentioned are in Apache's mod_rewrite syntax, but Nginx uses a different configuration style. Here is the corresponding setup in Nginx:
 


 

location /admin {
    allow 88.85.69.0/24;
    deny all;

    error_page 403 =404 /404.html;

    try_files $uri $uri/ =404;

    location ~ \.php$ {
        deny all;
    }
}

 

Let me explain what this does:

  1. location /admin: This block applies to any URL path that starts with /admin.
  2. allow 88.85.69.0/24; deny all;: These two lines control access to the /admin directory. Only IP addresses in the range 88.85.69.0 to 88.85.69.255 are allowed. All other IP addresses are denied.
  3. error_page 403 =404 /404.html;: This changes the error page for forbidden requests (403 errors) to your 404 error page. Replace /404.html with the path to your actual 404 error page.
  4. try_files $uri $uri/ =404;: This tries to serve the request as is, or as a directory, and if neither of those exist, it returns a 404 error.
  5. location ~ \.php$ { deny all; }: This nested location block matches any PHP file in the /admin directory and denies access to it.

However, please be careful as this block will need to be adjusted to fit in with your existing PHP execution configuration, especially if you're using PHP-FPM or similar.

In Nginx, the client's IP is taken from the connection itself and not from an HTTP header like HTTP:X-REAL-IP as in your Apache configuration. If you're behind a proxy and want to allow/deny based on the original client IP, you'll need to use the ngx_http_realip_module and define trusted sources to get the real IP.

 


  • 4 weeks later...
On 7/29/2023 at 5:17 PM, Akash Bhati said:

Hello,
Firstly, the conditions and rules you mentioned are in Apache's mod_rewrite syntax, but Nginx uses a different configuration style. Here is the corresponding setup in Nginx:
 

Let me explain what this does:

  1. location /admin: This block applies to any URL path that starts with /admin.
  2. allow 88.85.69.0/24; deny all;: These two lines control access to the /admin directory. Only IP addresses in the range 88.85.69.0 to 88.85.69.255 are allowed. All other IP addresses are denied.
  3. error_page 403 =404 /404.html;: This changes the error page for forbidden requests (403 errors) to your 404 error page. Replace /404.html with the path to your actual 404 error page.
  4. try_files $uri $uri/ =404;: This tries to serve the request as is, or as a directory, and if neither of those exist, it returns a 404 error.
  5. location ~ \.php$ { deny all; }: This nested location block matches any PHP file in the /admin directory and denies access to it.

However, please be careful as this block will need to be adjusted to fit in with your existing PHP execution configuration, especially if you're using PHP-FPM or similar.

In Nginx, the client's IP is taken from the connection itself and not from an HTTP header like HTTP:X-REAL-IP as in your Apache configuration. If you're behind a proxy and want to allow/deny based on the original client IP, you'll need to use the ngx_http_realip_module and define trusted sources to get the real IP.

 

Looks like no one cares, but I do care. Thank you for the tutorial.


  • 2 weeks later...
On 9/2/2023 at 1:32 PM, phseven said:

I follow the instructions but get this error

 

Forbidden

You don't have permissions to access this resources

 

 

I hope you took the time to whitelist your IP address with "allow", otherwise it's normal that you're getting this message.

You should post your configuration, in case other people have the same issue.


 

Edited by Mich
