问题描述
我认为我可能会限制它只显示一些IP,但我有一些自由职业者没有静态IP应该能够登录到管理员网站。我推出了一个大项目,我正在寻找一些方法来保护管理员网站不想要的眼睛。如果你是在apache后面运行,您可以使用其许多模块之一进行HTTP身份验证(其他服务器有类似的模块)。这样,用户甚至无法登录登录页面。
另一个选项是阻止来自远程URL的所有访问,并要求用户使用VPN访问管理页面。 (我认为这太麻烦了)
我们有一个网站,管理界面在一个单独的域上,它不隐藏任何东西,但保留他们分开。
I thought I might restrict it to show only on some IPs, but I have some freelance workers without static IPs that should be able to login to admin site. I rolled out a big project and I am looking for some ways to protect the admin site fom unwanted eyes.
If you are running it behind apache you can use one of its many modules for HTTP authentication (there are similar modules for other servers). This way the user can't even get to the login page without login in.
Another option would be to block all access from remote URL's and require users to use a VPN to access the admin pages. (I think this would be too big of a hassle)
We have a site where the admin interface is on a separate domain, it doesn't hide anything but keeps them separate.
这篇关于你如何保护django管理员网站?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!