The shared security snippet blocked any path matching /(admin|administrator| login.action|struts) with 'return 444', which drops the connection. That bare 'admin' token also matched our own operations dashboard at /admin and the new /admin/compliance-orders, so the browser showed 'This site can't be reached'. Dropped the bare 'admin' token; administrator/login.action/struts stay blocked. Applied live on prod (sudo edit + nginx reload); this updates the source of truth so the ansible nginx role won't reintroduce it. |
||
|---|---|---|
| .. | ||
| pw-analytics-tls.conf.j2 | ||
| pw-api-tls.conf.j2 | ||
| pw-btcpay-tls.conf.j2 | ||
| pw-crypto-tls.conf.j2 | ||
| pw-dev-api-tls.conf.j2 | ||
| pw-dev-tls.conf.j2 | ||
| pw-listmonk-tls.conf.j2 | ||
| pw-mautic-tls.conf.j2 | ||
| pw-minio-tls.conf.j2 | ||
| pw-monitoring-tls.conf.j2 | ||
| pw-portal-tls.conf.j2 | ||
| pw-security.conf.j2 | ||
| pw-site-tls.conf.j2 | ||
| pw-site.conf.j2 | ||
| pw-support-tls.conf.j2 | ||