Drupal

I keep refining the way I lock down external access to the Drupal 7 admin site and user login page. Lots of attempts come in using “?q=user” which I’d had some success blocking but just added a new check that seems to be doing good work.

I already had a check in place in a file.. a whole list of IP checks to set an environment variable if the user is internal:

SetEnvIf Remote_Addr "^123\.123\.123\.123" Test_Internal=Internal

Then there’s two checks

First a Location match for a bunch of stuff no one should be accessing off network: