X-Cart: shopping cart software

X-Cart forums (https://forum.x-cart.com/index.php)
-   X-Payments issues & questions (https://forum.x-cart.com/forumdisplay.php?f=50)
-   -   X-Payments htaccess - restrict IPs question (https://forum.x-cart.com/showthread.php?t=65115)

carpeperdiem 10-14-2012 11:41 PM
X-Payments htaccess - restrict IPs question
 
Since x-payments is all about security, why not really lock it down and ONLY permit access from known IP addresses, right? It's built right into the x-pay htaccess:

Code:
# Allow all requests to admin.php and api.php scripts
# If you want restrict access to these scripts by IP-addresses,
# comment this block out and read instructions below

Great. Obvious.

Code:
# Uncomment the lines below to allow access to the admin script
# only from specific IP-addresses
# (replace 192.168.10.32 below to your IP-addresses)
#
<Files ~ "admin.php*">
Order deny,allow
Deny from all
#office
allow from 12.34.56.78
#home
allow from 23.45.67.89
</Files>

Now -- this part broke my connection to xcart:
Code:
# Uncomment the lines below to allow access to the api script
# only from specific IP-addresses
# (replace 192.168.10.32 below to your IP-addresses)
#
<Files ~ "api.php*">
Order deny,allow
Deny from all
Allow from xcart.ip.add.ress
Allow from 12.34.56.78
</Files>

Now that didn't work. DO I need to also allow "localhost" ?

Am I correct in reading this as this constrains the api script to only the ips designated. That's what I want. What did I do wrong?

Who else needs to get to api.php and which IPs should this be set to ?
Thanks.
J


All times are GMT -8. The time now is 09:32 PM.

Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.