I'm trying to block access to my Joomla site administrator so that it only allows connections from a certain number of IP's that I enter in the web.config file. In Apache servers you have to add the file .htaccess the following:
order allow,deny
deny from all
allow from 8.8.8.8
On the other hand, in the file web.config I have helped this documentation:
<location path="Default Web Site">
<system.webServer>
<security>
<ipSecurity>
<add ipAddress="192.168.100.1" />
<add ipAddress="169.254.0.0" subnetMask="255.255.0.0" />
</ipSecurity>
</security>
</system.webServer>
</location>
In this case, it blocks those IP's, but what I try to do is block all but the ones I provide.
Also I do not know if I should place that file in the administrator folder that I want to block and replace location path="Default Web Site" with location path="./ administrator" or leave it in the root folder.
Finally Joomla has already provided me with a copy with a web.config.txt is in the root but being a .txt does not have functionality yet and all the content it has does not use it, if you want to use that file to make the IP restriction by removing the extension .txt. Should I add the code block that I have attached above plus what I already had or simply enter the code block that interests me?
Currently I have this located in the root folder of the page and I want to block only the administrator folder that is at the same level as the web.config file that I attached here below:
<configuration>
<location path=".">
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<clear/>
<add ipAddress="212.142.137.10" allowed="true"/>
</ipSecurity>
</security>
</system.webServer>
</location>
</configuration>