MageHost - Allow URLs which are unsafe to be public

Modified on Tue, 20 Dec, 2022 at 1:02 PM

Disclaimer: MageHost has joined forces with Savvii. Therefore, these articles are only relevant to existing MageHost customers. For more information on this, visit www.savvii.com/en/magehost.  


Why certain requests are blocked

URL Blacklist

MageHost has developed an extensive list of URLs which are potentially harmful for Magento. Some examples are:

  • Known leaks in extensions or in older versions of the Magento core
  • URLs that are often targeted with many login attempts (hammering)
  • URLs potentially leaking data, for example SQL dumps

When you hit such a URL, you can get a 307 redirect to https://magehost.pro/info/url-blocked/, which shows this message:

This URL is blocked for security reasons.

If you are the owner of this site and you want to allow this URL, please contact MageHost.pro

Web Application Firewall

Besides the URL Blacklist, we have a set of more extensive rules in our WAF (Web Application Firewall).

These include filters for:

  • SQL injection attempts
  • Attempts to post PHP code to be executed on the server

These requests are blocked with a 406 Not Acceptable response code. For some of these requests an exception can be made using the instructions below, but not in all cases.

  

Making exceptions

You may want to allow some of these blocked requests for certain trusted IP addresses. You can do this by adding these lines at the top of the .htaccess file in the httpdocs directory.


Allow a single IP:

# Name of who uses this IP
SetEnvIfExpr  "-R '192.0.2.1'"  allow_insecure=1

Allow an IP range:

# Name of external party
SetEnvIfExpr  "-R '86.109.16.0/21'"  allow_insecure=1
# Name of other party
SetEnvIfExpr  "-R '2001:985:2e3b::/48'"  allow_insecure=1
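
An added example, not part of the original MageHost article: a Python check that audits the allow_insecure exceptions in a .htaccess file for missing owner comments, non-canonical addresses, and very broad ranges. The function name, the sample file contents, and the prefix thresholds (/16 for IPv4, /32 for IPv6) are assumptions made for illustration.

```python
import ipaddress
import re

# Matches the exception lines from this article, e.g.
#   SetEnvIfExpr  "-R '192.0.2.1'"  allow_insecure=1
RULE = re.compile(r"""^\s*SetEnvIfExpr\s+"-R\s+'([^']+)'"\s+allow_insecure=1\s*$""")

# Assumed review thresholds, not MageHost policy: shortest prefix accepted silently.
MIN_PREFIX = {4: 16, 6: 32}

# Constructed sample: the article's three entries plus two deliberately bad ones.
SAMPLE = """\
# Name of who uses this IP
SetEnvIfExpr  "-R '192.0.2.1'"  allow_insecure=1
# Name of external party
SetEnvIfExpr  "-R '86.109.16.0/21'"  allow_insecure=1
# Name of other party
SetEnvIfExpr  "-R '2001:985:2e3b::/48'"  allow_insecure=1

SetEnvIfExpr  "-R '0.0.0.0/0'"  allow_insecure=1
# Constructed typo
SetEnvIfExpr  "-R '203.0.113.7/24'"  allow_insecure=1
"""


def audit_htaccess(text):
    """Return (line_number, value, warnings) for every allow_insecure exception."""
    findings, previous = [], ""
    for number, line in enumerate(text.splitlines(), start=1):
        match = RULE.match(line)
        if match:
            value, warnings = match.group(1), []
            # The article labels each entry with a comment naming who uses it.
            if not re.match(r"\s*#\s*\S", previous):
                warnings.append("no owner comment on the line above")
            try:
                network = ipaddress.ip_network(value, strict=True)
            except ValueError:
                warnings.append("not a canonical address or network")
            else:
                if network.prefixlen < MIN_PREFIX[network.version]:
                    warnings.append(f"range /{network.prefixlen} is very broad")
            findings.append((number, value, warnings))
        previous = line
    return findings


if __name__ == "__main__":
    for number, value, warnings in audit_htaccess(SAMPLE):
        print(f"line {number}: {value}: {'; '.join(warnings) or 'ok'}")
```

Run it against the real httpdocs/.htaccess by passing the file's contents to audit_htaccess(); entries with an empty warning list need no follow-up.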

