Yii

How to improve Yii2 authorization?

My admin panel is made as a module. As a form of authorization, I took the standard one with Yii. But what is the whole juice
? If I go to the admin panel http://localhost/basic/web/index.php?r=admin
Then yes, it requires a login and password if there is no auth_key and cookies.
And only after authorization lets go there.
But I decided to check, and if I'm not authorized as an admin, I'm not in the cookies and auth_key is empty, will it go along the way

http://localhost/basic/web/index.php?r=admin/vacancies/index

And voila, it found. T e from my protection against login with password encryption is useless 0) PS I haven’t installed the CNC yet, since there are big problems with it.
Tell me how you can apnut the admin panel so that you can’t go to the admin pages if you are not authorized