How to restrict system administrator login to specific IP Addresses


Generally authoring instance is usually located behind a company's firewall that provides full protection. For external access OR to improve the authoring performance the instance may be exposed through webserver using dispatcher module [0] to external world.  How to restrict system-level access to a single IP or a range of IP addresses for increased security?


Using a ModSecurity [1] rule is one of the option to limit the use of the "admin" login via certain IPs. The steps are

  1. Install the plugin mod_security
  2. Load/Enable the mod_security & unique_id_module in httpd.conf
  3. Configure a security rules  & for more details refer[2]. 

An sample httpd.conf for apache (Steps 2 & 3 above) to allow system admin login only from ip is shown below


LoadModule unique_id_module modules/
LoadModule security2_module modules/


<IfModule mod_security2.c>
 SecRuleEngine On
 SecRequestBodyAccess On
 SecResponseBodyAccess Off


<LocationMatch /libs/cq/core/content/login.html/j_security_check>
 SecRule REMOTE_ADDR "!@ipMatch" "id:'23000',chain,deny,log"
 SecRule ARGS:j_username "admin" "t:lowercase"

Same can be applied to webserver configured for publish instance.



Get help faster and easier

New user?