how to secure admin login page with IP whitelist?

Discussion in 'Installation/Configuration' started by skysky, Nov 3, 2018.

  1. skysky

    skysky Member

    I want to secure admin login page with IP whitelist by using .htaccess file for apache.

    .htaccess file has rule like below, so that only below IP can access the ISPconfig admin login page
    Order Deny,Allow
    <Limit GET HEAD POST>
    Allow from xx.xx.xx.xx

    But I don't know where to put the .htaccess file, where the path? will it break ISPconfig from working properly?

  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    I believe /usr/local/ispconfig/interface/web/; I don't know offhand if a .htaccess file there will survive a future ispconfig update.
    No, that should work fine to limit access. About the only issue that comes to mind to consider is the remote api, as you would need to allow access to that if you use it (eg. via roundcube ispconfig plugin on a remote server or similar).

Share This Page