Allow URLs which are unsafe to be public

Modified on Thu, 11 Dec at 1:16 PM

Reasons for certain requests being blocked.

We have developed an extensive list of potentially harmful URLs for Magento. Some of them include:

  • Known leaks in extensions or older versions of Magento Core.
  • URLs often tried with many login attempts (hammering).
  • URLs that may be leaking data, such as SQL dumps.

When you hit an unacceptable URL, you receive a 406 Not Acceptable response with the following message:

This URL is blocked for security reasons. 
 If you are the owner of this site and want to allow it, please contact Savvii.com 

Web Application Firewall

Besides the URL blacklist, we have a set of more extensive rules in our WAF (Web Application Firewall). These include filters for:

  • SQL injection attempts
  • Attempts to post PHP code to be executed on the server.

These requests are blocked with a 406 Not Acceptable response code. For certain requests, an exception can be made using the instructions below, but not in all cases.


Making exceptions

You may want to allow some of these blocked requests from certain trusted IP addresses. This can be done by adding lines at the top of the .htaccess file in the httpdocs directory:

Allow a Single IP:

# Name of party using this IP
SetEnvIfExpr "-R '192.0.2.1'" allow_insecure=1


Allow an IP range:

# Name of external party
SetEnvIfExpr "-R '86.109.16.0/21'" allow_insecure=1

# Name of other party
SetEnvIfExpr "-R '2001:985:2e3b::/48'" allow_insecure=1
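
To review which addresses the exceptions above actually exempt, the following added example (not Savvii's code) parses the `allow_insecure` lines of an .htaccess file, flags entries with no comment naming the party, addresses that do not parse, and very wide ranges, and reports which entry would exempt a given client IP. The sample file content, the party names and the `MIN_PREFIX` thresholds are assumptions made for the example.

```python
import ipaddress
import re

# Matches the exception lines shown above: SetEnvIfExpr "-R '<ip or CIDR>'" allow_insecure=1
RULE = re.compile(r"""^\s*SetEnvIfExpr\s+"-R\s+'([^']+)'"\s+allow_insecure=1\s*$""")
MIN_PREFIX = {4: 16, 6: 32}  # assumed review thresholds, not from the page

# Constructed sample .htaccess head; all party names are placeholders.
SAMPLE = """\
# Agency office (constructed)
SetEnvIfExpr "-R '192.0.2.1'" allow_insecure=1

SetEnvIfExpr "-R '86.109.16.0/21'" allow_insecure=1
# Payment provider (constructed)
SetEnvIfExpr "-R '2001:985:2e3b::/48'" allow_insecure=1
# Developer VPN (constructed)
SetEnvIfExpr "-R '203.0.0.0/8'" allow_insecure=1
# Freelancer (constructed)
SetEnvIfExpr "-R '192.0.2.300'" allow_insecure=1
"""

def audit(text):
    """Return (rules, findings); findings are (line number, problem) pairs."""
    rules, findings, prev = [], [], ""
    for no, line in enumerate(text.splitlines(), 1):
        m = RULE.match(line)
        if m:
            # The party name is the comment directly above the rule, as on the page.
            owner = prev[1:].strip() if prev.startswith("#") else ""
            if not owner:
                findings.append((no, "no comment naming the party"))
            try:
                net = ipaddress.ip_network(m.group(1), strict=False)
            except ValueError:
                findings.append((no, "not an IP address or CIDR range"))
            else:
                if net.prefixlen < MIN_PREFIX[net.version]:
                    findings.append((no, f"very wide range ({net})"))
                rules.append((owner or "UNNAMED", net))
        prev = line.strip()
    return rules, findings

def exempted_by(ip, rules):
    """List the parties whose entry covers this client IP (standard CIDR matching)."""
    addr = ipaddress.ip_address(ip)
    return [owner for owner, net in rules if addr in net]

if __name__ == "__main__":
    rules, findings = audit(SAMPLE)
    print(findings, exempted_by("86.109.23.255", rules))
```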
