TL;DR
Prevent direct website editing via public internet access by restricting access to content management systems (CMS) and related tools using firewall rules, VPNs, or IP address restrictions. This guide covers common methods.
Steps to Block Web Content Authoring from the Internet
- Understand Your Setup
  - Identify your CMS (WordPress, Joomla, Drupal etc.).
  - Determine how you access your CMS – directly on a server, via a web interface, or through an application.
  - Know the public IP address(es) used to access your website and CMS. If using dynamic DNS, note that this can change.
Firewalls are the most robust solution. This example uses a common Linux firewall, iptables.
- Block Specific IP Addresses: If you know the IPs you want to block.
    sudo iptables -A INPUT -s [IP Address] -j DROP
  Replace [IP Address] with the actual IP address.
- Block a Range of IP Addresses: Useful for blocking entire networks.
    sudo iptables -A INPUT -s [Network Address]/[CIDR Mask] -j DROP
  Example:
    sudo iptables -A INPUT -s 192.168.1.0/24 -j DROP
- Block Access to CMS Ports: Common ports include 80 (HTTP), 443 (HTTPS). Be careful not to block legitimate traffic: these rules drop every connection to the port, including visitors to the public site.
    sudo iptables -A INPUT -p tcp --dport 80 -j DROP
    sudo iptables -A INPUT -p tcp --dport 443 -j DROP
- Save Firewall Rules: Rules are often lost on reboot. Use a command specific to your distribution (e.g., sudo netfilter-persistent save on Debian/Ubuntu).
    # Run the redirect as root; with "sudo iptables-save > file" the file is opened by the calling user
    sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
Require all content authors to connect via a Virtual Private Network (VPN).
- Set up a VPN Server: Use software like OpenVPN, WireGuard, or Tailscale.
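- Configure CMS Access: Only allow access to the CMS from the VPN’s internal IP address range. This is usually done in your firewall rules (see Option 1). For example, block all external access to ports 80 and 443 except for traffic originating from your VPN subnet. Because iptables applies the first rule that matches, the rule accepting the VPN subnet must come before the rule that drops everything else.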
- Provide VPN Credentials: Give secure credentials to authorized users only.
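The VPN-only rule set described above, as an added example that is not part of the original guide. The VPN subnet 10.8.0.0/24, the chain name CMS_ADMIN and the function names are assumptions. The script prints the rules for review instead of applying them, and includes a check that an author's VPN address falls inside the allowed subnet.

```shell
#!/bin/sh
# Added example. Assumptions: VPN subnet 10.8.0.0/24, chain name CMS_ADMIN,
# and all function names are hypothetical, not taken from the original page.
OCTET='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
valid_ip()   { echo "$1" | grep -Eq "^($OCTET\.){3}$OCTET\$"; }
valid_cidr() { echo "$1" | grep -Eq "^($OCTET\.){3}$OCTET/([0-9]|[12][0-9]|3[0-2])\$"; }

# ip_to_int A.B.C.D -> print the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP CIDR -> 0 if IP is inside CIDR, 1 if outside, 2 on malformed input.
# Run it on each author's VPN address before applying rules, to avoid a lockout.
in_cidr() {
    valid_ip "$1" && valid_cidr "$2" || return 2
    mask=$(( (4294967295 << (32 - ${2#*/})) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# cms_rules VPN_CIDR [PORTS] -> print iptables commands in the order they must run.
# iptables stops at the first matching rule, so ACCEPT must precede the final DROP.
cms_rules() {
    vpn=$1; ports=${2:-80,443}
    valid_cidr "$vpn" || { echo "invalid VPN subnet: $vpn" >&2; return 1; }
    echo "$ports" | grep -Eq '^[0-9]+(,[0-9]+)*$' || { echo "invalid ports: $ports" >&2; return 1; }
    cat <<EOF
iptables -N CMS_ADMIN
iptables -A CMS_ADMIN -i lo -j ACCEPT
iptables -A CMS_ADMIN -s $vpn -j ACCEPT
iptables -A CMS_ADMIN -j DROP
iptables -A INPUT -p tcp -m multiport --dports $ports -j CMS_ADMIN
EOF
}

# Print the rules for the constructed sample subnet so they can be reviewed.
cms_rules 10.8.0.0/24 80,443
```

These rules cover IPv4 only; a host that is also reachable over IPv6 needs the equivalent ip6tables rules.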
Some CMS platforms allow you to restrict access based on IP address directly within the CMS settings.
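- WordPress Example: Use a plugin like “IP Deny” or edit your .htaccess file.
    # Block specific IP address (Apache 2.2 syntax; on Apache 2.4 this needs mod_access_compat)
    # With "Order allow,deny" the Deny line is evaluated last, so it overrides "Allow from all"
    Order allow,deny
    Allow from all
    Deny from [IP Address]
- Joomla/Drupal: Check the CMS documentation for similar features or plugins.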
While not a direct block, 2FA adds an extra layer of security.
- Enable 2FA for all CMS user accounts. This requires users to enter a code from their phone or authenticator app in addition to their password.
- Test Access: After implementing any changes, verify that authorized users can still access the CMS as expected.
- Monitor Logs: Regularly check your firewall logs for blocked attempts or suspicious activity.