Gsyfuy

Deleting missing values from a dataset

US to Europe trip with Canada layover- is 52 minutes enough?

What has been your most complicated TikZ drawing?

Best approach to update all entries in a list that is paginated?

What is the dot in “1.2.4."

Is it true that real estate prices mainly go up?

Can infringement of a trademark be pursued for using a company's name in a sentence?

What is the likely impact on flights of grounding an entire aircraft series?

Confusion with the nameplate of an induction motor

What does おとこえしや mean?

Single word request: Harming the benefactor

If Invisibility ends because the original caster casts a non-concentration spell, does Invisibility also end on other targets of the original casting?

Playing ONE triplet (not three)

Why do Australian milk farmers need to protest supermarkets' milk price?

Sword in the Stone story where the sword was held in place by electromagnets

Make a transparent 448*448 image

My adviser wants to be the first author

Who is our nearest neighbor

Making a sword in the stone, in a medieval world without magic

Do items de-spawn in Diablo?

Latest web browser compatible with Windows 98

What happens with multiple copies of Humility and Glorious Anthem on the battlefield?

Why doesn't the EU now just force the UK to choose between referendum and no-deal?

Running a subshell from the middle of the current command

Magento Secure Magmi from unauthorized access using htaccess

How to restrict specfic ip address to access magento site in .htaccess file in magento?Using htaccess to block visitorsMagento: magmi.ini changed with xmlrpc.php … how could this happen?403 forbidden error while installingHow to get same format of order data like we get from ObserverMagento .htaccess Response for preflight has invalid HTTP status code 400redirect htaccess from lowercase letters to uppercase magento using .htaccessHow to secure Magento 2 dev site using .htaccessPrevent Magento 2.2 Admin page from redirecting with htaccess rewrites for multistore?

1

I'm using below htaccess file to prevent unauthorized access to Magmi.

/{root_path}/{magmi_dir}/.htaccess

Order deny,allow

Deny from all

Allow from 127.0.0.1 202.131.115.180 xxx.xxx.xxx.xxx

this htaccess file is working fine when I'm trying to access Magmi from a browser but it's preventing me to access Magmi when I'm trying to call magmi script from observer using curl.

I've added 127.0.0.1 and server IP in htaccess to whitelist server itself but it's still not allowing me to access Magmi from the observer.

How can I whitelist server itself so that I can call Magmi script from Magento observer?

Thanks in advance.

magento-1.9 magmi htaccess .htaccess

share|improve this question

asked Nov 10 '16 at 13:21

ShyamShyam

1,392828

bumped to the homepage by Community♦ 5 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

add a comment | 

1

I'm using below htaccess file to prevent unauthorized access to Magmi.

/{root_path}/{magmi_dir}/.htaccess

Order deny,allow

Deny from all

Allow from 127.0.0.1 202.131.115.180 xxx.xxx.xxx.xxx

this htaccess file is working fine when I'm trying to access Magmi from a browser but it's preventing me to access Magmi when I'm trying to call magmi script from observer using curl.

I've added 127.0.0.1 and server IP in htaccess to whitelist server itself but it's still not allowing me to access Magmi from the observer.

How can I whitelist server itself so that I can call Magmi script from Magento observer?

Thanks in advance.

magento-1.9 magmi htaccess .htaccess

share|improve this question

asked Nov 10 '16 at 13:21

ShyamShyam

1,392828

bumped to the homepage by Community♦ 5 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

add a comment | 

I'm using below htaccess file to prevent unauthorized access to Magmi.

/{root_path}/{magmi_dir}/.htaccess

Order deny,allow

Deny from all

Allow from 127.0.0.1 202.131.115.180 xxx.xxx.xxx.xxx

this htaccess file is working fine when I'm trying to access Magmi from a browser but it's preventing me to access Magmi when I'm trying to call magmi script from observer using curl.

I've added 127.0.0.1 and server IP in htaccess to whitelist server itself but it's still not allowing me to access Magmi from the observer.

How can I whitelist server itself so that I can call Magmi script from Magento observer?

Thanks in advance.

magento-1.9 magmi htaccess .htaccess

share|improve this question

asked Nov 10 '16 at 13:21

ShyamShyam

1,392828

Order deny,allow

Deny from all

Allow from 127.0.0.1 202.131.115.180 xxx.xxx.xxx.xxx

share|improve this question

asked Nov 10 '16 at 13:21

ShyamShyam

1,392828

share|improve this question

asked Nov 10 '16 at 13:21

ShyamShyam

1,392828

asked Nov 10 '16 at 13:21

ShyamShyam

1,392828

asked Nov 10 '16 at 13:21

ShyamShyam

1,392828

1 Answer
1

active

oldest

votes

1

make a curl to http://canihazip.com/s to find out the IP of the webserver when making remote requests. It could be this differs from the incomming server IP.

Add that IP to your whitelist.

Alernatify, you can dump the $_SERVER['REMOTE_ADDR'] with a die(); in the index.php and remove the .htaccess block. Make a curl, see what the IP is, add that to the .htaccess whitelist.

share|improve this answer

edited Apr 25 '17 at 14:48

Raphael at Digital Pianism

54.7k22119278

answered Apr 25 '17 at 14:22

Robin van RaanRobin van Raan

812

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "479"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f145153%2fmagento-secure-magmi-from-unauthorized-access-using-htaccess%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

1

make a curl to http://canihazip.com/s to find out the IP of the webserver when making remote requests. It could be this differs from the incomming server IP.

Add that IP to your whitelist.

Alernatify, you can dump the $_SERVER['REMOTE_ADDR'] with a die(); in the index.php and remove the .htaccess block. Make a curl, see what the IP is, add that to the .htaccess whitelist.

share|improve this answer

edited Apr 25 '17 at 14:48

Raphael at Digital Pianism

54.7k22119278

answered Apr 25 '17 at 14:22

Robin van RaanRobin van Raan

812

add a comment | 

1

make a curl to http://canihazip.com/s to find out the IP of the webserver when making remote requests. It could be this differs from the incomming server IP.

Add that IP to your whitelist.

Alernatify, you can dump the $_SERVER['REMOTE_ADDR'] with a die(); in the index.php and remove the .htaccess block. Make a curl, see what the IP is, add that to the .htaccess whitelist.

share|improve this answer

edited Apr 25 '17 at 14:48

Raphael at Digital Pianism

54.7k22119278

answered Apr 25 '17 at 14:22

Robin van RaanRobin van Raan

812

add a comment | 

make a curl to http://canihazip.com/s to find out the IP of the webserver when making remote requests. It could be this differs from the incomming server IP.

Add that IP to your whitelist.

Alernatify, you can dump the $_SERVER['REMOTE_ADDR'] with a die(); in the index.php and remove the .htaccess block. Make a curl, see what the IP is, add that to the .htaccess whitelist.

share|improve this answer

edited Apr 25 '17 at 14:48

Raphael at Digital Pianism

54.7k22119278

answered Apr 25 '17 at 14:22

Robin van RaanRobin van Raan

812

share|improve this answer

edited Apr 25 '17 at 14:48

Raphael at Digital Pianism

54.7k22119278

answered Apr 25 '17 at 14:22

Robin van RaanRobin van Raan

812

edited Apr 25 '17 at 14:48

Raphael at Digital Pianism

54.7k22119278

edited Apr 25 '17 at 14:48

Raphael at Digital Pianism

54.7k22119278

answered Apr 25 '17 at 14:22

Robin van RaanRobin van Raan

812

answered Apr 25 '17 at 14:22

Robin van RaanRobin van Raan

812