How do you protect django admin site?

前端 未结 3 1774
眼角桃花
眼角桃花 2021-02-14 09:04

I thought I might restrict it to show only on some IPs, but I have some freelance workers without static IPs that should be able to login to admin site. I rolled out a big proje

3条回答
  •  忘了有多久
    2021-02-14 09:09

    If you are running it behind apache you can use one of its many modules for HTTP authentication (there are similar modules for other servers). This way the user can't even get to the login page without login in.

    Another option would be to block all access from remote URL's and require users to use a VPN to access the admin pages. (I think this would be too big of a hassle)

    We have a site where the admin interface is on a separate domain, it doesn't hide anything but keeps them separate.

提交回复
热议问题