How to restrict system administrator login to specific IP addresses
An authoring instance is usually located behind a company's firewall, which provides full protection. For external access, or to improve authoring performance, the instance may be exposed to the outside world through a web server using the dispatcher module. How can system-level access be restricted to a single IP address or a range of IP addresses for increased security?
Using a ModSecurity rule is one option for limiting use of the "admin" login to certain IPs. The steps are:
- Install the mod_security plugin
- Load/enable mod_security and unique_id_module in httpd.conf
- Configure the security rules & for more details refer.
A sample httpd.conf for Apache (steps 2 & 3 above) that allows system admin login only from IP 172.16.208.11 is shown below:
    . . .
    LoadModule unique_id_module modules/mod_unique_id.so
    LoadModule security2_module modules/mod_security2.so
    . . .
    <IfModule mod_security2.c>
        SecRuleEngine On
        SecRequestBodyAccess On
        SecResponseBodyAccess Off
    </IfModule>
    . . .
    <LocationMatch /libs/cq/core/content/login.html/j_security_check>
        SecRule REMOTE_ADDR "!@ipMatch 172.16.208.11" "id:'23000',chain,deny,log"
        SecRule ARGS:j_username "admin" "t:lowercase"
    </LocationMatch>
The same can be applied to a web server configured for a publish instance.
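The decision logic of the chained rule above, modelled in Python as an added example (it is not part of the original page and is not ModSecurity code). It shows which logins rule 23000 denies and how a comma-separated `@ipMatch` list covers a range; the `/24` block, the `10.1.1.5` address and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Path and single address come from the page's rule. ALLOWED_RANGE is an assumed
# value: @ipMatch accepts a comma-separated list of addresses and CIDR blocks.
LOGIN_PATH = "/libs/cq/core/content/login.html/j_security_check"
ALLOWED_SINGLE = "172.16.208.11"
ALLOWED_RANGE = "172.16.208.0/24,10.1.1.5"


def ip_match(remote_addr, spec):
    """Model of @ipMatch: true if remote_addr is in any listed IP or CIDR block."""
    addr = ipaddress.ip_address(remote_addr)
    return any(addr in ipaddress.ip_network(item.strip(), strict=False)
               for item in spec.split(","))


def rule_denies(path, remote_addr, username, allowed=ALLOWED_SINGLE):
    """Return True when the chained rule (id 23000) would deny the request."""
    # <LocationMatch> takes an unanchored regex, so the path is searched.
    if not re.search(LOGIN_PATH, path):
        return False
    # First rule of the chain: REMOTE_ADDR "!@ipMatch ..." (client not allowed).
    if ip_match(remote_addr, allowed):
        return False
    # Second rule: t:lowercase, then the default @rx operator with "admin".
    # The regex is unanchored, so names that contain "admin" are also caught.
    return re.search("admin", (username or "").lower()) is not None


if __name__ == "__main__":
    # Constructed sample login attempts: (client IP, j_username, allow list).
    samples = [
        ("172.16.208.11", "admin", ALLOWED_SINGLE),
        ("172.16.208.12", "Admin", ALLOWED_SINGLE),
        ("172.16.208.12", "sysadmin", ALLOWED_SINGLE),
        ("172.16.208.12", "author1", ALLOWED_SINGLE),
        ("172.16.208.12", "admin", ALLOWED_RANGE),
        ("192.168.1.20", "admin", ALLOWED_RANGE),
    ]
    for ip, user, allowed in samples:
        verdict = "deny" if rule_denies(LOGIN_PATH, ip, user, allowed) else "pass"
        print(f"{ip:15} {user:10} allow={allowed:26} -> {verdict}")
```

Because the second rule uses the default regex operator, accounts such as "sysadmin" are restricted along with "admin"; requests the rule passes still go through normal authentication.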