cancel
Showing results for 
Search instead for 
Did you mean: 

RSS feeds are not restricted

RSS feeds are not restricted

I have installed Magento 1.7.0.2 within a subdirectory of my document root, e.g.:

http://www.example.com/estore

In my .htaccess file found at the root folder of Magento (/estore) I have restricted access to RSS feed as follows:

 

RewriteRule ^(index.php/?)?rss/catalog/notifystock/? - [NC,L,R=403]

The above works for the below links:

 

http://www.example.com/estore/rss/catalog/notifystock/
http://www.example.com/estore/index.php/rss/catalog/notifystock/

However, the below links are not restricted:

 

http://www.example.com/rss/catalog/notifystock/
http://www.example.com/index.php/rss/catalog/notifystock/

The Base URL declared in Magento configuration at the section System -> Configuration -> Web for both Unsecure and Secure URLs is the same, as I have moved my store to full HTTPS:

https://www.example.com/estore/

I have also modified in the same way the .htaccess file under the document root, but the problem persists.

5 REPLIES 5

Re: RSS feeds are not restricted

Hi @dandrikop,

 

I guess is working under https://www.example.com/estore/ because the .htaccess on that directory.

Has the .htaccess file under http://www.example.com/ the same rule?

Re: RSS feeds are not restricted

Hello Damian,

 

I have an .htaccess file at the document root of http://www.example.com, and another .htaccess file at the subdirectory where Magento is installed (http://www.example.com/estore). Both these .htaccess files contain the below line for restricting access to RSS feeds:

RewriteRule ^(index.php/?)?rss/catalog/notifystock/? - [NC,L,R=403]

However, the restriction works only for http://www.example.com/estore; not for http://www.example.com/.

Given that I have installed Magento in a subdirectory of the document root, should I place any specific line into .htaccess file for that purpose? I have commented out the below line at both those .htaccess files:

RewriteBase /estore/

Regards,

Dimitris

Re: RSS feeds are not restricted

Hi @dandrikop,

 

The .htaccess file at the root directory shouldn't have the:

 

RewriteBase /estore/

Re: RSS feeds are not restricted

Hello Damian,

 

Yes, I know that and the specific line was always commented out at both the .htaccess files found under the document root and Magento root folder:

 

# RewriteBase /estore/

 

Regards,

Dimitris

Re: RSS feeds are not restricted

I managed to locate the actual problem, but I cannot still solve it. As stated above, my Magento 1.7 store is installed under a subdirectory of the document root:

 

http://www.mystore.com/estore

Under the subdirectory where's Magento is installed, I have the following line in .htaccess:

 

RewriteRule ^(index.php/?)?rss/catalog/notifystock/? - [NC,L,R=403]

The above rule blocks all the below HTTP and HTTPS URLs from being visited:

 

http://www.mystore.com/estore/rss/catalog/notifystock/
https://www.mystore.com/estore/rss/catalog/notifystock/
http://www.mystore.com/rss/catalog/notifystock/

But, it does not block the below HTTPS one:

 

https://www.mystore.com/rss/catalog/notifystock/