Hi guys,
I hope someone can help me.
I’m working on my first Lucee box on EC2 and after many headaches and hurdles I’m getting somewhere!
I’m wanting to lockdown /lucee/admin/ for security and cosmetics in production but I’m finding that very hard.
I’m using VirtualMin/Apache with Lucee auto-installed on top of it.
Just as I have my EC2 instance’s SSH lockeddown to certain IPs, and I have phpmyadmin locked down to certain IPs with a .htaccess rewrite rule, I want to do the same with /lucee/admin/.
I’ve tried .htaccess rewrite rules but it looks like they aren’t effective with the /lucee/* mappings.
The docs (linked) say you can use this Rewrite rule:
RewriteCond %{REMOTE_ADDR} !=127\.0\.0\.1
RewriteRule ^.*/lucee/admin/ - [F]
But that doesn’t work for my virtual host.
Whereas this does work to lockdown my /phpmyadmin:
RewriteCond %{REMOTE_HOST} !^33\.145\.20\.307
RewriteCond %{REQUEST_URI} /(phpmyadmin|server_tools|WEB-INF|lucee)(.*)
RewriteRule .* /403.shtml [L]
I hope that’s clear and I hope someone can help. Thanks in advance.