lgcosta/paperless-ngx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Document that /admin/login isn’t blocked when disabling direct logins

Browse Source 
I understand from https://github.com/paperless-ngx/paperless-ngx/pull/5816 that this can’t or won’t be implemented in Paperless itself. That’s fine, but I think we should document this and offer an example of how someone could block it at a different layer in the stack.
This commit is contained in:
Andrew Berry 2024-03-04 08:01:30 -05:00 committed by GitHub
parent 23ceb2a5ec
commit 449db51aff
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/advanced_usage.md
View File

@ -695,4 +695,10 @@ More details about configuration option for various providers can be found in th
### Disabling Regular Login
Once external auth is set up, 'regular' login can be disabled with the [PAPERLESS_DISABLE_REGULAR_LOGIN](configuration.md#PAPERLESS_DISABLE_REGULAR_LOGIN) setting.
Once external auth is set up, 'regular' login can be disabled with the [PAPERLESS_DISABLE_REGULAR_LOGIN](configuration.md#PAPERLESS_DISABLE_REGULAR_LOGIN) setting. This setting will not black access to the built-in Django login form at `/admin/login`. To block access to that page, consider blocking it in your web server configuration. For example, with Nginx, try:
```
location /admin/login {
return 403;
}
```