Django
gives admin url
automatically, such as www.example.com/admin
.
I do not want any outside visitors to access this url. This should be accessed only with in the host and allowed IP address
.
If I try to access to https://instagram.com/admin/
(which is built using Django
),it gives 404 page not Found error
How can I achieve the same behavior?
what is the preferred and right way to do it?
I host my webservice
inwebfaction
and allowing IP address
of host means other webfaction account-holders might be able to access the admin URL which I dont want to. Looking for a neat and simple way
Thanks:
PS: I see a similar question posted here but that is with respect to PHP. I am wondering how can I acheive the same using Django
?
One common method, which is advocated by Two Scoops of Django, is to change your admin url. Thus, rather than logging into your admin at www.example.com/admin/
, you would log in at www.example.com/supers3cret4dm1n/
or something that you've set. This is likely what Instagram has done in your example.
Example code:
urlpatterns = patterns(''
...
url(r'^supers3cret4dm1n/', include(admin.site.urls)), # Change the pattern to whatever you want here
...
)
Note that this doesn't make it accessible from only one IP address, but it does effectively 'hide' your admin login page.
Another tip is to use the django-admin-honeypot
package. This sets up a fake admin page at www.example.com/admin
while having your real admin page at another site that you've set. Then, django-admin-honeypot will alert you if anyone tries to hack your admin at the fake admin site.
EDIT:
If you're dead-set on restricting by IP address, here's a SO question and answer showing how to do it with nginx. I imagine it'd be similar with others.