====== Access control to phpList admin pages ======

This article describes ways of limiting access to the administrative pages beyond the standard username and password login system.

===== Using Apache rewrite module =====

Configure Apache to block access to all admin pages (only public pages are accessible):

<code apache>
Options -Indexes
<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{REQUEST_URI} ^/phplist/admin
	RewriteCond %{REQUEST_URI} !^/phplist/admin/ui
	RewriteCond %{REQUEST_URI} !^/phplist/admin/js
	RewriteCond %{REMOTE_ADDR} !=x.x.x.x
	RewriteRule ^(.*)$ - [R=403,L]
</IfModule> 
</code>