MageHost - Allow URLs which are unsafe to be public

Gewijzigd op Tue, 20 Dec 2022 om 01:02 PM

Disclaimer: MageHost has joined forces with Savvii. Therefore, these articles are only relevant to existing MageHost customers. For more information on this, visit www.savvii.com/en/magehost.  


Why certain requests are blocked

URL Blacklist

MageHost has developed an extensive list of URLs which are potentially harmful for Magento. Some examples are:

  • Known leaks in extensions or in older versions of the Magento core
  • URLs often tried with many attempts to login (hammering)
  • URLs potentially leaking data, for example SQL dumps

When you hit such an URL you can get a 307 redirect to the URL: https://magehost.pro/info/url-blocked/ showing this message:

This URL is blocked for security reasons.

If you are the owner of this site and you want to allow this URL, please contact MageHost.pro

Web Application Firewall

Besides the URL Blacklist we have a set of more extensive rules in our WAF (Web Application Firewall).

These include filters for:

  • SQL injection attempts
  • Attempt to post PHP code to be executed on the server

These requests are blocked with a 406 Not Acceptable response code. For some of these requests an exception can be made using the instructions below, but not in all cases.

  

Making exceptions

You may want to allow some of these blocked requests to certain trusted IP addresses. You can do this by adding these lines on top of the .htaccess file in the httpdocs directory.


Allow a single IP:

# Name of who uses this IP
SetEnvIfExpr  "-R '192.0.2.1'"  allow_insecure=1

Allow an IP range:

# Name of external party
SetEnvIfExpr  "-R '86.109.16.0/21'"  allow_insecure=1
# Name of other party
SetEnvIfExpr  "-R '2001:985:2e3b::/48'"  allow_insecure=1


Was dit artikel nuttig?

Dat is fantastisch!

Hartelijk dank voor uw beoordeling

Sorry dat we u niet konden helpen

Hartelijk dank voor uw beoordeling

Laat ons weten hoe we dit artikel kunnen verbeteren!

Selecteer tenminste een van de redenen
CAPTCHA-verificatie is vereist.

Feedback verzonden

We stellen uw moeite op prijs en zullen proberen het artikel te verbeteren