Hello!

There is a question about access restrictions.

Access to the site from outside must be denied (I know how to do that) if a person tries to log in directly, but if the request comes through the API, the restriction must not apply.

It is necessary to restrict access to the CRM system.

I would be grateful if you could tell me how to do it, or where to look. Thanks!

  • What is the difference between requests via the API and requests from the pages of the site? - Visman
  • @Visman, the point is to restrict access to the site by IP; if an API request comes from another IP, it will not work, but .htaccess will need to let that request through. There is an idea to write a rule that checks the host of the request - Bogdan Gudyma

1 answer

Do it like this:

```apache
# Stage 1
# Deny access, for example, to files with the .php extension
# for everyone except the IPs listed below
<FilesMatch "\.php$">
    Order Deny,Allow
    Deny from all
    # first IP that is allowed access
    Allow from 127.0.0.1
    # second IP that is allowed access
    Allow from ::1
    # and so on
</FilesMatch>

# Stage 2
# Allow access to the API for everyone
# (the regular expression here names the file "api.php")
<FilesMatch "^api\.php$">
    Order Deny,Allow
    Allow from all
</FilesMatch>
```

You just need to specify the list of IPs from which access to the site is allowed, and the name, as a regular expression, of the file through which access to the API goes.

  • Thanks for the tip! I will take it into account, but one more thing remains: as I pointed out, access to the CRM is prohibited, and I don't know where the API file is located (or whether it is split into parts). If there are no other options or ideas, I will try following your instructions. - Bogdan Gudyma
  • @BogdanGudyma, you can specify not just one file in the regular expression but many; however, it is enough to allow access only to the one that is the "entry point" to the API, and the files that are included in it via include / require will run without problems. - Visman
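
The same two-stage rule written with the Apache 2.4 `Require` directives and extended to more than one API entry file, as the last comment describes. This is an added example, not part of the original answer; `webhook.php` is a hypothetical second entry-point name, and the addresses are the answer's own placeholders.

```apache
# Added example for Apache 2.4 (mod_authz_core + mod_authz_host).
# The Order/Deny/Allow directives in the answer are the 2.2 form;
# on 2.4 they only work when mod_access_compat is loaded.

# Stage 1: every .php file is reachable only from the listed addresses.
<FilesMatch "\.php$">
    # Several addresses or CIDR ranges may follow "Require ip";
    # a client matching any one of them is allowed.
    Require ip 127.0.0.1 ::1
</FilesMatch>

# Stage 2: the API entry points are open to everyone.
# This section comes later, so for files matching both patterns its
# Require line replaces the Stage 1 rule (AuthMerging defaults to Off).
# "webhook" is a hypothetical second entry point; list only the scripts
# that clients request directly. Files pulled in with include/require
# are read from disk by PHP and never pass through these checks.
<FilesMatch "^(api|webhook)\.php$">
    Require all granted
</FilesMatch>

# Caveat: FilesMatch tests only the file name, not its directory.
# In a .htaccess at the site root, Stage 2 therefore opens every file
# called api.php or webhook.php in any subdirectory as well. If such
# names exist elsewhere in the CRM tree, put Stage 2 in a .htaccess
# inside the directory that holds the real entry point instead.
```

After deploying, request `api.php` and one other `.php` page from an address that is not on the list: the first should be served and the second should return 403.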