Restrict Access to Magento Admin Area in Nginx

It is pretty easy to restrict access to magento admin area in nginx. Basically you need to update configuration file and restart it.
All commands applicable for debian. There might be different syntax for other versions.

Nginx config files located in /etc/nginx/sites-available

1. Restrict access by IP

Open configuration file and insert following code

location /admin {
  allow   11.11.11.11; #update to your ip
  deny    all;
}

location /admin {

allow 11.11.11.11; #update to your ip

deny all;

}

2. Restrict access using HTTP auth

Open configuration file and insert following code

location /admin {
    auth_basic "Restricted";
    auth_basic_user_file /var/www/.htpasswd;
}

location /admin {

auth_basic "Restricted";

auth_basic_user_file /var/www/.htpasswd;

}

How to create .htpasswd file – http://httpd.apache.org/docs/2.2/programs/htpasswd.html

Now you can test configuration

sudo service nginx configtest

1	sudo service nginx configtest

and restart nginx

sudo service nginx restart

1	sudo service nginx restart

3 thoughts on “Restrict Access to Magento Admin Area in Nginx”

AnmolNagpal says:
April 30, 2015 at 10:36 pm
Hello,
Using below code allow IP can’t open /admin diretectly index.php is required. nwdthemes.com/index.php/admin
location /admin {
allow 11.11.11.11; #update to your ip
deny all;
}
- elpas0 says:
  May 4, 2015 at 1:15 pm
  I have check it once more and it is working fine for me. Do you have any other restrictions in your nginx config before this code ?
ysq says:
November 30, 2022 at 3:26 am
referred to your configuration in Magento2.4 and entered the account password, and the 404 page appeared

Restrict Access to Magento Admin Area in Nginx

3 thoughts on “Restrict Access to Magento Admin Area in Nginx”

Leave a Reply Cancel reply

Contact Us