How to restrict access to /user on a server with nginx in Drupal?

R

Rokis2017-03-19 23:45:03

Drupal

Rokis, 2017-03-19 23:45:03

Hello.
There is a VPS server with nginx + php-fpm. It has a Drupal site. When defining location / user in its config, it gives a 404 error. And the error appears regardless of what I write in it (albeit empty).
Here's how I do it:

location /user {
allow 111.111.11.11;
deny all;
include /etc/nginx/conf.d/php.conf; #тут подключаю php
}

If I write site.ru/user - it returns 404, if I write site.ru/?q=user - the page opens, but it returns 404 during authorization. The situation is similar with blocking the admin panel:

location /admin {
allow 111.111.11.11;
deny all;
include /etc/nginx/conf.d/php.conf; #тут подключаю php
}

The code works on wordpress. What is the peculiarity of Drupal in this matter? What could be causing this? Tell me please.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Anton Yankovsky, 2017-04-02
@Rokis

This is because you don't understand how try_files and rewrite work. Nginx tries to find the user folder in the root of the site. It is not in Drupal by default and it is directly written about this "2: No such file or directory". There are no other rules that would match or rewrite the url up to /index.php?q=user in the "allow" cases, so don't get around to launching Drupal. All you have to do is do this and it will work :

location /user  {
        allow 111.111.11.11;
        deny all;
        try_files $uri /index.php?$query_string;
}

"will work" in quotation marks because there is a lot of rubbish in the "site config" you provided, and its use is fraught with security problems, among other things.