Whitelist iPhone/office computer IP address to access wordpress login page, deny any other ip address

Danran nginx-forum at forum.nginx.org
Tue Nov 9 19:32:48 UTC 2021


I am running a lemp server which is working and running wordpress quite
properly. As of now, I have my wordpress web login blacklisted by all IP
addresses EXCEPT any IP on my lan with the following directive:

server {
    # Allow local only to wp-login page
    location ~ /wp-login.php {
        allow 192.168.1.0/24;
        deny all;
        error_page 403 =444;
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
    }
}

This directive successfully blocks all internet traffic to
"mywebsite.com/wp-login.php", which is the wordpress admin login page.
In other words, with this directive set, I can access the wordpress login
page anywhere on my internal LAN, but the directive denies any outside
internet traffic from seeing the "mywebsite.com/wp-login.php" page. GREAT!

1. NOW, What I want to do, is to whitelist the ip address of my phone (and
my office computer at work), so that I can access the wordpress login page
from my phone's IP address and/or my office computer, while still blocking
any other outside internet traffic. To do so I go to www.whatsmyip.org on my
phone, copy the ip address that it gives me, then modify the previous
directive to look like the following:

server {
    # Allow local only to wp-login page
    location ~ /wp-login.php {
        allow my_phones_ip_address_as_shown_on_whatsmyip.org;
        allow 192.168.1.0/24;
        deny all;
        error_page 403 =444;
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
    }
}

HOWEVER, after reloading nginx, I still cannot access the wp-login
(wordpress login) page from my phone.

2. What I also want to do, is for nginx to completely drop any connection
that tries to access my wp-login page, instead of giving multiple redirects
with "error_page 403 =444". I could not find any other way for nginx to
completely drop the connection to the page if accessed from an outside
source, and using the "error_page 403 =444" stanza was the closest workaround
that I could find on the internet. Could someone please advise me on how to
force nginx to completely drop any connection so it looks like the page
doesn't exist when accessing it, instead of giving an error message? In
other words, is there something I can use to replace "error_page 403 =444"
with a directive that will make the page the user is trying to access
non-existent?

FOR REFERENCE#1 my nginx.conf has been copied and pasted on pastebin at the
following link:
https://pastebin.com/0bUgW0QM

FOR REFERENCE#2 my virtual host configuration has been copied and pasted on
pastebin at the following link:
https://pastebin.com/jRC4nNi7

My question is:
1) How can I properly whitelist my phone's IP address, while blacklisting
everything else and..
2) How can I force nginx to initiate a dropped connection for blacklisted IP
addresses, instead of my current "redirection" workaround?

Dan Ran
dan at nerd-tech.net
dan at danran.rocks
https://nerd-tech.net
https://danran.rocks

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,292784,292784#msg-292784
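
Added example, not part of the original post: one way to express the whitelist described above so that non-listed clients get the connection closed directly with "return 444", and so that the address nginx actually sees is logged for comparison with the whitelist entry. The variable name $wp_login_allowed, the log format name, the log path and the 203.0.113.10 and 2001:db8:1234::/48 addresses are assumptions (documentation-range placeholders), not values from the post.

```nginx
# Added example; addresses other than 192.168.1.0/24 are constructed placeholders.

# http{} context: classify the client address once per request.
geo $wp_login_allowed {
    default             0;
    192.168.1.0/24      1;   # LAN range, as in the post
    203.0.113.10        1;   # placeholder: office public IPv4 address
    2001:db8:1234::/48  1;   # placeholder: phone's IPv6 prefix, if the site is reachable over IPv6
}

# http{} context: record the address nginx matches against ($remote_addr)
# next to any forwarded-for header, so both can be checked against the list.
log_format wp_login '$remote_addr xff="$http_x_forwarded_for" $status "$request"';

server {
    # ... existing listen / server_name / root directives stay here ...

    # Exact match: only /wp-login.php, and it takes priority over regex locations.
    location = /wp-login.php {
        # Hypothetical log path; every request to the login page is written here.
        access_log /var/log/nginx/wp-login.log wp_login;

        # 444 is nginx-specific: close the connection without sending a response.
        # No error_page indirection is involved.
        if ($wp_login_allowed = 0) {
            return 444;
        }

        # PHP handling copied from the post's location block.
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
    }
}
```

After "nginx -t" and a reload, a request from the phone leaves a line in the log whose first field is the address that has to appear in the geo block.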


