cancel
Showing results for 
Search instead for 
Did you mean: 

MAGENTO 2 BACKEND ACCESS RESTRICTION THROUGH IP WHITE LISTING

MAGENTO 2 BACKEND ACCESS RESTRICTION THROUGH IP WHITE LISTING

Please is there a way to restrict backend access using IP whitelisting?

2 REPLIES 2

Re: MAGENTO 2 BACKEND ACCESS RESTRICTION THROUGH IP WHITE LISTING

Hi @supportpaye522 

 

Please have a look at this article and let me know in case you face any issues.

 

Thank you.

Re: MAGENTO 2 BACKEND ACCESS RESTRICTION THROUGH IP WHITE LISTING

Most Magento needs need to be PCI Compliant because they accept payment cards (ie. credit/debit cards). 

 

As you'll see at https://magento.com/resources/pci-compliance "Your business must utilize a firewall configuration to protect cardholder data and create a secure network. A firewall controls your network traffic and blocks any transmissions which don’t meet your particular security criteria."

 

Many Magento stores get their Web Application Firewall (WAF) as part of their hosting package. A good Magento host will provide this as a standard part of your hosting environment, and will help to configure and manage your firewall for you. This includes setting up IP whitelists for the Magento admin. 

 

Unfortunately, this isn't a standard that all hosts that offer Magento hosting follow. We saw this with the cardbleed attacks last year: https://twitter.com/gwillem/status/1306196862991577088

 

If your host isn't taking care of this for you, you should consider a vendor that fits your budget, like Cloudflare, Sucuri, Sitelock, Foregenix, or Sectigo.

 

While you can manage IP whitelisting from Apache or NGINX, if you're going to be using a proper firewall, it may indeed be a better decision to manage your