We have a Zend (1.12.20) PHP webapp that runs on AWS via Docker containers. We also have nginx routing requests between this PHP webapp and other webapps.
The PHP webapp has a public front-end and an administrative back-end, i.e.:
http://public-url.com
http://public-url.com/administrative-backend
We want to limit access to http://public-url.com/administrative-backend to only users that are on a site-to-site VPN while keeping the public frontend accessible to all of the internet.
Which layer of the stack should this be implemented in? Is AWS capable of distinguishing requests to a particular URL served by a container and making some of them require VPN authorization? Can nginx handle this somehow?
How can I limit access to a specific portion of a PHP webapp to VPN users while leaving the rest of the webapp publicly accessible?