The module blocks access to REST API endpoints that require authentication. Only the IP addresses defined in the allowed list will have access granted.
The module supports IPv4 and IPv6.
Installation
Info |
---|
This module is optional. |
Code Block |
---|
composer require "creativestyle/magesuite-rest-rictor" ^1.0.0 |
Admin settings
The module is activated by default and will block all requests not defined in the allow list (even when the list of allowed IPs is empty).
Configuration can be found in two places:
Stores -> Configuration -> Services -> Magento Web API -> Web API Security
System -> Extensions -> Integrations -> {Select Integration} -> {Change Tab} IP Restriction
PHP function fnmatch
is used for IP matching so *
is allowed to define groups of addresses
Bypass Headers
IP restriction can be bypassed by defining bypass headers in the configuration and passing it along with the API request. Header name and value can be defined as a wildcard pattern. Allowed matching conditions as used in fnmatch
function.
Backend
The module implements a plugin for the \Magento\Webapi\Controller\Rest\RequestValidator
class.
Frontend
There are no frontend functionalities in the module.