Introduction to Magento 2 and Fastly
Magento 2 is a powerful e-commerce platform that offers extensive customization options. Fastly, a leading content delivery network (CDN), can further enhance the performance and security of your Magento 2 store. One effective way to boost security is by restricting access to the Magento 2 admin URL using Fastly’s custom VCL (Varnish Configuration Language).
Why Restricting the Admin URL Is Important
Restricting the Magento 2 admin URL is crucial for preventing unauthorized access and potential security breaches. By limiting access to trusted IP addresses, you can significantly reduce the risk of malicious activities and unauthorized login attempts.
Steps to Restrict Admin URL Through Fastly Custom VCL
To restrict the Magento 2 admin URL through Fastly custom VCL, follow these steps:
Step 1: Identify Trusted IP Addresses
Before implementing the restriction, list the IP addresses that should have access to the admin URL. These are usually the IPs of your team members and trusted external partners.
Step 2: Access Fastly Configuration
- Log in to your Adobe Commerce Cloud Admin Panel using your credentials.
- After logging in to the Admin Panel, open the Store Configuration via the following path:
Admin Menu >> Stores >> Settings >> Configuration >> Advanced >> System >> Full Page Cache.
Step 3: Write Custom VCL Code
Create a Custom VCL Snippet: to create the custom VCL snippet, use the following path:
Full Page Cache >> Fastly Configuration >> Custom VCL Snippets.
Create a custom VCL snippet to restrict access to the admin URL. The VCL code should check the incoming request’s IP address and allow access only if it matches one of the trusted IPs. Otherwise, it should deny access and return a 403 Forbidden response.
# Block /admin unless the connecting client IP is the trusted address.
# Requests carrying Fastly-FF are forwarded between Fastly nodes (shielding); they are exempt because the check already ran at the edge.
if ((req.url ~ "^/admin") && !(client.ip ~ "106.213.48.72") && !req.http.Fastly-FF) {
error 403 "Forbidden";
}
If you wish to allow multiple IPs, define them as an Edge ACL in the same Fastly configuration and reference the ACL by name in the snippet:
if ((req.url ~ "^/admin") && !(client.ip ~ allowlist) && !req.http.Fastly-FF) {
error 403 "Forbidden";
}
For instructions on setting up the “allowlist” ACL, see the linked guide.
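As an added example (not code from the original post or from the Fastly module), here is the multi-IP variant written out as the two Custom VCL Snippets you would create in the module: an "init" snippet that declares the ACL, and a "recv" snippet that enforces it. The ACL name admin_allowlist, the RFC 5737 documentation addresses, and the optional /index.php prefix in the regex are assumptions; substitute your own trusted ranges.

```vcl
# Snippet type "init": ACL declarations live outside any subroutine.
# Addresses below are placeholders (RFC 5737 documentation ranges).
acl admin_allowlist {
  "203.0.113.10";        # a single trusted host
  "198.51.100.0"/24;     # a trusted office or VPN range (CIDR)
}

# Snippet type "recv": runs before cache lookup, so blocked requests
# never reach the Magento backend.
# client.ip is the address of the TCP peer Fastly accepted the connection
# from, so it cannot be changed by a client-supplied X-Forwarded-For header.
# Fastly-FF is present on requests forwarded between Fastly nodes (shielding);
# those were already checked at the edge, so they are exempted here.
# Magento also serves the admin under /index.php/admin, so the regex
# covers that form as well as the plain /admin prefix.
if (req.url ~ "^(/index\.php)?/admin"
    && !(client.ip ~ admin_allowlist)
    && !req.http.Fastly-FF) {
  error 403 "Forbidden";
}
```

To verify after deployment, request the admin URL from an address outside the ACL and confirm a 403, then from an address inside it and confirm the normal admin login page.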
Step 4: Test and Deploy
After writing the custom VCL code, test it thoroughly to ensure it works as expected. Once verified, deploy the configuration to your Fastly service.
Conclusion
Restricting the Magento 2 admin URL through Fastly custom VCL is a straightforward yet powerful way to enhance your site’s security. By following the steps outlined above, you can ensure that only trusted IP addresses have access to your admin panel, significantly reducing the risk of unauthorized access and potential security threats. To create more restrictions, see the linked guide.