Securing the admin/authoring module of a web application or website from public access and from hackers is of paramount importance. We can implement IP-address-based restrictions by configuring the web server, for example through .htaccess in the case of Apache (as shown below), but this can be in vain if the website is integrated with a CDN for public access.
    # a1.b1.c1.d1 and a2.b2.c2.d2 are sample IP addresses to be white-listed for access
    <LocationMatch "wp-admin">
        order deny,allow
        deny from all
        allow from a1.b1.c1.d1 a2.b2.c2.d2
    </LocationMatch>
Akamai provides a simple way to handle this scenario through the Property Manager configuration. We can set up this protection in the Property Configuration Settings of our digital property by using pre-defined rules and grouping them appropriately.
As part of the solution, it can be done by applying the rules below:
- Add a “Deny by IP” rule.
- Provide the list of paths that are to be restricted from public access.
- Set the criteria to block access if the Client IP is not among the list of IP addresses to be white-listed.
- Make sure Control Access is set to “Deny”.
Save your configuration and try it on Staging.
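As an added example (not from the original post and not Akamai's own code), the following Python script models the decision the “Deny by IP” rule is meant to make, so the expected results can be compared with what Staging actually returns. The `/wp-admin` path comes from the Apache snippet above; the IP ranges, sample requests and function names are assumptions, and the script goes slightly beyond the text by accepting CIDR ranges and canonicalizing the path before matching.

```python
import ipaddress
import posixpath
from urllib.parse import unquote

# Assumed rule inputs (constructed for illustration, not from the page):
PROTECTED_PATHS = ("/wp-admin",)                      # paths closed to the public
ALLOWED_NETWORKS = [ipaddress.ip_network(n)           # white-listed client IPs
                    for n in ("203.0.113.10/32", "198.51.100.0/24")]

def canonical_path(url):
    """Drop the query string, decode, and collapse ./ and ../ segments."""
    path = unquote(url.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/"))

def is_protected(url):
    """True when the canonical path is a protected path or lies beneath one."""
    path = canonical_path(url)
    return any(path == p or path.startswith(p + "/") for p in PROTECTED_PATHS)

def decide(url, client_ip):
    """Return 'deny' or 'allow' the way the rule is meant to behave."""
    if not is_protected(url):
        return "allow"
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return "deny"                                 # unparsable client IP: fail closed
    return "allow" if any(ip in net for net in ALLOWED_NETWORKS) else "deny"

# Constructed test matrix: (request path, client IP) pairs to replay on Staging.
SAMPLE_REQUESTS = [
    ("/wp-admin/index.php", "203.0.113.10"),    # white-listed single address
    ("/wp-admin", "198.51.100.77"),             # inside a white-listed range
    ("/wp-admin/index.php", "192.0.2.55"),      # public client
    ("/blog/../wp-admin/", "192.0.2.55"),       # same path, different spelling
    ("/blog/post-1?ref=home", "192.0.2.55"),    # public content stays open
    ("/wp-admin/", "not-an-ip"),                # malformed client IP
]

def expected_results(requests=SAMPLE_REQUESTS):
    """Pair every sample request with the verdict the rule should produce."""
    return [(url, ip, decide(url, ip)) for url, ip in requests]

if __name__ == "__main__":
    for url, ip, verdict in expected_results():
        print(f"{verdict:5}  {ip:15}  {url}")
```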
So to summarize, make sure to apply IP-address-based restrictions on both the web servers and the CDN in order to block public access to the admin/authoring module and make the application or website less vulnerable to hack attempts.