Hey, I was importing one server that I had just for wordpress into my little ISPConfig cluster, and part of what we had always done for customers was to protect wp-login.php and xmlrpc.php in lieu of just the wp-admin folder as that has been reported to break some public functionality. So below is the block I was previously using to protect those files, how does a person achieve this in ISPC? location ~* /(wp-login.php|xmlrpc.php) { auth_basic "Restricted"; auth_basic_user_file /path/to/some/.htpasswd; include /etc/nginx/config/php-core.config; } The include listed there just includes some core config to be able to process PHP scripts. I had tried this before with the protected folder option, but it does not seem to allow regex or anything. It seemed a little bit cumbersome to try and setup two protected paths individually and try to match up the right protection. Looking for your best options. Thanks, Doc
Till, I did see that. I was just trying to keep the manual interaction to a minimum. I dont even mind creating a code snippet -- but I am unsure how you would create the php block, the right paths, etc. Is there any documentation anywhere on the variables we can use in the snippets? Thanks,
I did try using snippets, tried using this code : location ~* /(wp-login.php|xmlrpc.php) { ##merge## auth_basic "Members Only"; auth_basic_user_file <tmpl_var name='htpasswd_path'>.htpasswd; location ~ \.php$ { try_files <tmpl_var name='rnd_php_dummy_file'> @php; } } The snippets evidently don't process <tmpl_var name='htpasswd_path'> or <tmpl_var name='rnd_php_dummy_file'> ...? I thought if I used the above, then the user would only have to create a user.
So I thought i had it wrapped out. A snippet that creates everything needed. Protects the two files referenced, the same random html file for the php snippet but probably not a huge deal. Where I got stuck now is that going in to use the protected users feature, you have to first assign it to a folder. That be the problem -- there is no folder defined as I was doing it through a snippet. Thoughts?
Ive got a snippet sort of worked out. It puts in some custom stuff for Wordpress, rewrites, protect wp-login.php and xmlrpc.php, etc. But another problem surfaced. In order to protect a php file, apparently the code block must be executed earlier in the code (above the location ~ \.php$ block). With just using the ISPConfig, it puts it at the bottom and does not work. When I move it manually above, it works fine. So how do we do this with ISPConfig? I imagine the next time the config is synced or they make a change my changes will be overwritten. Please advise...
You could try this: Code: location ~ \.php$ { ##merge## location ~* /(wp-login.php|xmlrpc.php) { auth_basic "Restricted"; auth_basic_user_file /path/to/some/.htpasswd; include /etc/nginx/config/php-core.config; } }
