drupal

IP filtering protection on the login page with NGINX

If there is no other users that login on your websites but your team, you may want to filter the IP that can access the login pages.

On NGINX, this is done by adding location rules in your server block:

    
server {
    ...

    #login protection
    location /user/login {
        allow 92.127.254.0/24; #Domain
        allow 191.40.194.126; #IP
        try_files $uri /index.php?$query_string;
    }
    .....
    
}

Dev and prod plateform : avoid duplicating /default/files

When you want to refresh your dev environement with data from the production, you need to update the database and the user uploaded files, with is the most boring part if you only use FTP.

You can avoid this step by adding a single line to your htaccess file, or even better, in the virtualhost definition to avoid drupal overriding it on every update.

Simple way to bypass the one time login form

In Drupal 6 and 7, user using the password recovery, or "verify your email" registration process, will receive a mail with a one time login link.
Cliking the link will bring them to a one time login form they have to submit.

So here is a trick from sivaji from drupalgardens to bypass the one time login form.