accesslimit on
Turns on IP address limitation and Basic Authentication settings. Valid only with nginx.
It is possible to configure separately for the profile's WordPress admin page and for the profile's document root.
For example, you can set Basic Authentication for the WordPress admin page and deny access to the document root from a specified IP address.
accesslimit on command will overwrite each time with the setting specified in the options.
If you already have IP address limitation enabled and want to add IP address limitations, specify the options again, including the IP addresses that are already enabled. When setting limitations for multiple IP addresses, it is recommended to specify the IP addresses in a file specified as "--allowfile" or "--denyfile".
It is not possible to combine the settings to allow access only from IP addresses specified or deny access only from IP addresses and Basic Authentication by using the accesslimit on command. For advanced access limitation, please configure it in the nginx configuration file.
Example
kusanagi accesslimit on kusanagi_htmlOptions
Target to Set IP Address limitation or Basic Authentication
[--adminpage | --documentroot]Default : --adminpage
Specifies the target for setting IP address restriction and Basic Authentication.
If "--adminpage "is specified, it is set for the WordPress admin page of the profile, it will not be effective for non-WordPress profiles.
If "--documentroot "is specified, it is set to the DocumentRoot of the profile.
Allow Access Only from Specified IP Address
[--allow "allowed IP address","allowed IP address",... | --allowfile "file path containing allowed IP addresses"]Allows access only from the specified IP addresses. Access from other IP addresses will be denied.
When specifying IP addresses to be allowed from a command, multiple IP addresses can be specified in "--allow" separated by commas (,).
To specify IP addresses to be allowed from a file, specify "--allowfile" as a file path containing one IP address per line.
"--allow", "--allowfile", "--deny", "--denyfile", and "--basicauthfile" cannot be specified at the same time.
Deny Access Only from Specified IP Address
[--deny "denied IP address","denied IP address",... | --denyfile "file path containing denied IP addresses"]Denys access only from the specified IP addresses. Access from other IP addresses will be allowed.
When specifying IP addresses to be denied from a command, multiple IP addresses can be specified in "--deny" separated by commas (,).
To specify IP addresses to be denied from a file, specify "--denyfile" as a file path containing one IP address per line.
"--allow", "--allowfile", "--deny", "--denyfile", and "--basicauthfile" cannot be specified at the same time.
Enable Basic Authentication
[--basicauthfile "file path of Basic Authentication"]Enables Basic Authentication.
Specify the htpasswd file that contains the list of users and passwords used for Basic Authentication.
"--allow", "--allowfile", "--deny", "--denyfile", and "--basicauthfile" cannot be specified at the same time.
Profile Name
[profile]Default: The current directory profile
If "profile" is specified, the "accesslimit" of the specified profile will be processed.
However, if the current directory is not a profile, an error will occur.
Output
# kusanagi accesslimit on --allow 127.0.0.1 kusanagi_html
Updated access limit to admin page:
----------------------------------------
location ~* /wp-login\.php$|/wp-admin/((?!(admin-ajax\.php|css/|images/|js/)).)*$ {
- satisfy any;
? ^^
+ satisfy all;
? ^^
allow 127.0.0.1;
deny all;
- auth_basic "basic authentication";
- auth_basic_user_file "/home/kusanagi/.htpasswd";
----------------------------------------
accesslimit completed.
