go to MageHost.pro website

Articles in this section

See more

Allow URLs which are unsafe to be public

  • Updated
Follow

Why certain requests are blocked

URL Blacklist

MageHost has developed an extensive list of URLs which are potentially harmful for Magento. Some examples are:

  • Known leaks in extensions or in older versions of the Magento core
  • URLs often tried with many attempts to login (hammering)
  • URLs potentially leaking data, for example SQL dumps

When you hit such an URL you can get a 307 redirect to the URL
https://magehost.pro/info/url-blocked/ showing this message:

This URL is blocked for security reasons.

If you are the owner of this site and you want to allow this URL, please contact MageHost.pro


Web Application Firewall

Besides the URL Blacklist we have a set of more extensive rules in our WAF (Web Application Firewall).
These include filters for:

  • SQL injection attempts
  • Attempt to post PHP code to be executed on the server

These requests are blocked with a 406 Not Acceptable response code.
For some of these requests an exception can be made using the instructions below, but not in all cases.
  

Making exceptions

You may want to allow some of these blocked requests to certain trusted IP addresses.
You can do this by adding these lines on top of the .htaccess file in the httpdocs directory.

Allow a single IP:

# Name of who uses this IP
SetEnvIfExpr  "-R '192.0.2.1'"  allow_insecure=1

Allow an IP range:

# Name of external party
SetEnvIfExpr  "-R '86.109.16.0/21'"  allow_insecure=1
# Name of other party
SetEnvIfExpr  "-R '2001:985:2e3b::/48'"  allow_insecure=1

 

Related articles