Hackers DDoS the server with POST /adm/ requests; there is a mix of PHP and static content in /adm. How do I block this particular location for everyone except whitelisted IPs?
I tried:
^~ /adm/
^~ /adm/$
^~ "/adm/ $"
None of these work: curl -I -X POST https://example.com/adm/
returns 200.
^~ /adm
doesn't suit, because I need to separate php-fpm and static content,
^~ /adm/.+.php
partially works, but I also need ^~ /adm/(NOT PHP)
for css, etc.
~* /adm
doesn't work at all, I guess because other locations exist.
Any ideas, please?
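One way to do what the question asks, as an added example that is not part of the original post: a single prefix location carries the allow/deny rules, and a nested regex location inside it hands PHP to php-fpm, so static files and scripts under /adm/ both inherit the restriction. The address 203.0.113.10 and the php-fpm socket path are placeholders, and the block is assumed to sit inside the existing server { } for example.com.

```nginx
# Added example, not from the original post.
# Prefix locations (with or without ^~) match literal text only, so regex
# syntax such as "$" or ".+" has no special meaning in them.
# ^~ makes this prefix win over regex locations defined at server level
# (for example a global "location ~ \.php$"), which would otherwise serve
# /adm/*.php without the access rules below.
location ^~ /adm/ {
    allow 203.0.113.10;   # placeholder: whitelisted client IP
    deny  all;            # everyone else gets 403, for any method

    # Static content (css, js, images) under /adm/.
    try_files $uri $uri/ =404;

    # Nested regex locations are still evaluated inside a ^~ prefix.
    # allow/deny are inherited because this block defines none of its own.
    location ~ \.php$ {
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass  unix:/run/php/php-fpm.sock;   # placeholder socket path
    }
}
```

After reloading nginx, the curl command from the question, run from a non-whitelisted address, should return 403 instead of 200.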