Set of rules to block most of ZMI and editing?

Even if all Edit/ZMI access is blocked anyway by access rules, for the paranoid ones:

Does anybody of you have a current Plone 5.[0|1] set of rules for apache/nginx (or similar) to block access at the front webserver?

Just a question of the lazy one in me, before I start compiling it myself :wink:

we use this one on nginx:

server {
    location ~ /manage(_.+)?$ {
        deny all;
1 Like