Difference between revisions of "drupal disabling user login by .htaccess"
From thelinuxwiki
(→logs) |
(→logs) |
||
| Line 19: | Line 19: | ||
| − | $ '''tail -f access_log error_log''' | + | $ '''tail -f access_log error_log''' |
<nowiki>==> error_log <==</nowiki> | <nowiki>==> error_log <==</nowiki> | ||
[Thu Sep 01 11:06:19 2016] [alert] [client 40.77.167.34] /var/www/example123.com/htdocs/.htaccess: <Location not allowed here | [Thu Sep 01 11:06:19 2016] [alert] [client 40.77.167.34] /var/www/example123.com/htdocs/.htaccess: <Location not allowed here | ||
| − | + | <br><nowiki>==> access_log <==</nowiki> | |
| − | <nowiki>==> access_log <==</nowiki> | + | |
40.77.167.34 40.77.167.34 - - [01/Sep/2016:11:06:19 -0500] "GET /user/login HTTP/1.1" 500 605 | 40.77.167.34 40.77.167.34 - - [01/Sep/2016:11:06:19 -0500] "GET /user/login HTTP/1.1" 500 605 | ||
[[category:drupal]] | [[category:drupal]] | ||
[[category:apache]] | [[category:apache]] | ||
Revision as of 16:21, 1 September 2016
description
If you are using drupal to server up a website but have no need for users on the public Internet to login to you site, then you can disable access to the login form or page. This will aid in preventing hackers from logging in as admin.
solution
Example: only allow access to user login from your private IP address range
Add the foilowing lines to you .htaccess file in the root of your drupal site folder.
<Location /user/login> Order allow,deny Allow from 192.168.1.0/24 Allow from 127 </Location>
logs
By default, my apached logs the access attempt and errors as follows..
$ tail -f access_log error_log ==> error_log <== [Thu Sep 01 11:06:19 2016] [alert] [client 40.77.167.34] /var/www/example123.com/htdocs/.htaccess: <Location not allowed here
==> access_log <== 40.77.167.34 40.77.167.34 - - [01/Sep/2016:11:06:19 -0500] "GET /user/login HTTP/1.1" 500 605
