magento-lts
New feature: enhance security with custom admin URL.
Description (*)
Ref https://github.com/OpenMage/magento-lts/pull/1209#issuecomment-2345295441, where I was trying to make use of the nginx config for admin without the use of caddy. For this, I needed the ability to have a custom admin URL, which is configurable here:
However, Custom Admin URL is not implemented. This PR is my attempt to complete the implementation.
When Custom Admin URL is used, frontend access to admin is forbidden in the function match() in app/code/core/Mage/Core/Controller/Varien/Router/Admin.php. This is independent of server config, which provides an alternate way: https://github.com/OpenMage/magento-lts/blob/5a95706f4d03d94f90878d12ac448d1a1e28096d/dev/openmage/nginx-frontend.conf#L150-L154
Related Pull Requests
PR #1209
Manual testing scenarios (*)
- Add a separate host for admin, example nginx config:
  ```nginx
  server {
      listen 80;
      server_name admin.example.com;
      access_log /var/log/nginx/admin.example.com-access.log combined;
      error_log /var/log/nginx/admin.example.com-error.log;
      set $webroot /var/web/example; # OpenMage root
      include include/openmage-admin.conf; # See dev/openmage/nginx-admin.conf
  }
  ```
- It's probably not feasible to set Custom Admin URL in admin. So add it directly to the table:
  ```sql
  UPDATE `core_config_data` SET `value` = '1' WHERE `path` = 'admin/url/use_custom';
  INSERT INTO `core_config_data` (`scope`, `scope_id`, `path`, `value`, `updated_at`) VALUES ('default', '0', 'admin/url/custom', 'admin.example.com', CURRENT_TIMESTAMP);
  ```
- Navigate to `admin.example.com/adminFrontName`, where `adminFrontName` is set in /etc/local.xml
- Navigate to main store `www.example.com/adminFrontName`; should return 404 page not found.
Questions or comments
I am not sure if this is the best way to implement the custom admin URL. Collab welcome.
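
The two navigation checks from the manual testing scenarios can be scripted as a smoke test. This is an added example, not code from the PR or from OpenMage. The host names and `adminFrontName` are the placeholders used above; `TARGET` (the address of the nginx instance under test) and the choice to accept 200 or a redirect on the admin host are assumptions.

```shell
#!/bin/sh
# Added example: checks that the admin front name answers only on the admin host.
# All values are placeholders/assumptions; override them through the environment.
ADMIN_HOST="${ADMIN_HOST:-admin.example.com}"
STORE_HOST="${STORE_HOST:-www.example.com}"
FRONT_NAME="${FRONT_NAME:-adminFrontName}"   # the admin front name from local.xml
TARGET="${TARGET:-127.0.0.1}"                # server under test (assumption)

# Print the HTTP status of GET /<front name> sent to $TARGET with Host header $1.
fetch_status() {
    curl -s -o /dev/null --max-time 10 -w '%{http_code}' \
        -H "Host: $1" "http://${TARGET}/${FRONT_NAME}"
}

# Admin host: login page (200) or a redirect to it counts as reachable (assumption).
admin_host_ok() {
    case "$1" in 200|301|302) return 0 ;; *) return 1 ;; esac
}

# Store host: the scenario above expects exactly 404, so anything else fails.
store_host_ok() {
    [ "$1" = "404" ]
}

# Run both scenarios. $1 optionally names another function to fetch the
# status, so the decision logic can be exercised without a live server.
check_admin_isolation() {
    fetch="${1:-fetch_status}"
    admin_code="$("$fetch" "$ADMIN_HOST")"
    store_code="$("$fetch" "$STORE_HOST")"
    rc=0
    admin_host_ok "$admin_code" || { echo "FAIL admin host returned $admin_code"; rc=1; }
    store_host_ok "$store_code" || { echo "FAIL store host returned $store_code"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK admin=$admin_code store=$store_code"
    return "$rc"
}
```

Source the file and run `TARGET=<server address> check_admin_isolation` against a test instance; a non-zero return means one of the two scenarios did not behave as described.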