14👍
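I'd go for Apache configuration:
```apache
# Apache 2.2-style access control: only requests from the local host reach /admin
<Location /admin>
    # The Order argument must not contain a space after the comma
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
</Location>
```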
HTH.
2👍
I’d go for the Apache configuration + run a proxy in front + restrict in WSGI:
- I dislike Apache for communicating with web clients when dynamic content generation is involved. Because of its execution model, a slow or disconnected client can tie up the Apache process. If you have a proxy in front (I prefer nginx, but even a vanilla Apache will do), the proxy will worry about the clients and Apache can focus on a new dynamic content request.
- Depending on your Apache configuration, a process can also slurp a lot of memory and hold onto it until it hits MaxRequests. If you have memory-intensive code in /admin (many people do), you can end up with Apache processes that grab a lot more memory than they need. If you split your Apache config into /admin and /!admin, you can tweak your Apache settings to have a larger number of /!admin servers which require a smaller potential footprint.
- I’m paranoid about server setups.
  - I want to ensure the proxy only sends /admin to a certain Apache port.
  - I want to ensure that Apache only receives /admin on a certain Apache port, and that it came from the proxy (with a secret header) or from localhost.
  - I want to ensure that the WSGI is only running the /admin stuff based on certain server/client conditions.
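The WSGI-layer restriction from the last bullet could look like the following middleware. This is an added example, not code from either answer; the port number, the `X-Admin-Proxy-Secret` header name, the secret value and the `AdminGate` name are all assumptions, and it assumes the application is mounted at the site root so that `PATH_INFO` carries the full path.

```python
import hmac

ADMIN_PREFIX = "/admin"
ADMIN_PORT = "8081"  # assumed: the Apache port the proxy uses only for /admin
PROXY_SECRET = "replace-with-a-long-random-value"  # assumed shared secret
# WSGI exposes the (hypothetical) X-Admin-Proxy-Secret header under this key.
SECRET_HEADER = "HTTP_X_ADMIN_PROXY_SECRET"
LOOPBACK = {"127.0.0.1", "::1"}


def admin_request_allowed(environ):
    """Return True if the request may proceed to the wrapped application."""
    path = environ.get("PATH_INFO", "")
    # Match /admin and /admin/..., but not /administrator.
    if path != ADMIN_PREFIX and not path.startswith(ADMIN_PREFIX + "/"):
        return True  # not an admin URL, no extra restriction
    # Admin URLs are served only on the dedicated port.
    if environ.get("SERVER_PORT") != ADMIN_PORT:
        return False
    # Direct connections from the local host are accepted as-is.
    if environ.get("REMOTE_ADDR") in LOOPBACK:
        return True
    # Otherwise the request must carry the proxy's secret header.
    supplied = environ.get(SECRET_HEADER, "")
    # compare_digest avoids leaking the secret through timing differences.
    return bool(supplied) and hmac.compare_digest(
        supplied.encode("latin-1"), PROXY_SECRET.encode("latin-1")
    )


class AdminGate:
    """WSGI middleware that answers 403 for disallowed /admin requests."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if admin_request_allowed(environ):
            return self.app(environ, start_response)
        body = b"Forbidden\n"
        start_response("403 Forbidden", [
            ("Content-Type", "text/plain"),
            ("Content-Length", str(len(body))),
        ])
        return [body]
```

If the proxy runs on the same host as Apache, every proxied request arrives from 127.0.0.1, so the loopback branch accepts all of them and the secret header adds nothing; in that layout drop the loopback exception and rely on the header alone.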