The module blocks access to REST API endpoints that require authentication. Only the IP addresses defined in the allowed list will have access granted.

The module supports IPv4 and IPv6.

Installation

composer require "creativestyle/magesuite-rest-rictor" ^1.0.0

Admin settings

The module is activated by default and will block all requests not defined in the allow list (even when the list of allowed IPs is empty).

Configuration can be found in Stores -> Configuration -> Services -> Magento Web API -> Web API Security

fnmatch PHP function is used for IP matching so * is allowed to define groups of addresses

Backend

The module implements a plugin for \Magento\Webapi\Controller\Rest\RequestValidator class.

Frontend

There are no frontend functionalities in the module.