🔧 Update Admin Dashboard and Authentication Flow
✅ Updated Admin Dashboard URL: - Changed the Admin Dashboard access path from `/admin` to `/manage` in multiple files for consistency. ✅ Enhanced Middleware Authentication: - Updated middleware to protect new admin routes including `/manage` and `/dashboard`. ✅ Implemented CSRF Protection: - Added CSRF token generation and validation for login and session validation routes. ✅ Introduced Rate Limiting: - Added rate limiting for admin routes and CSRF token requests to enhance security. ✅ Refactored Admin Page: - Created a new admin management page with improved authentication handling and user feedback. 🎯 Overall Improvements: - Strengthened security measures for admin access. - Improved user experience with clearer navigation and feedback. - Streamlined authentication processes for better performance.
This commit is contained in:
25
nginx.conf
25
nginx.conf
@@ -89,6 +89,31 @@ http {
|
||||
add_header X-Cache-Status "STATIC";
|
||||
}
|
||||
|
||||
# Admin routes with strict rate limiting and IP restrictions
|
||||
location /manage {
|
||||
limit_req zone=login burst=3 nodelay;
|
||||
|
||||
# Block common attack patterns
|
||||
if ($http_user_agent ~* (bot|crawler|spider|scraper)) {
|
||||
return 403;
|
||||
}
|
||||
|
||||
# Add extra security headers for admin
|
||||
add_header X-Frame-Options DENY;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
|
||||
proxy_pass http://portfolio_backend;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# No caching for admin routes
|
||||
proxy_cache_bypass 1;
|
||||
proxy_no_cache 1;
|
||||
}
|
||||
|
||||
# API routes with rate limiting
|
||||
location /api/ {
|
||||
limit_req zone=api burst=20 nodelay;
|
||||
|
||||
Reference in New Issue
Block a user