Restricting Access

There are several options to restrict access to your Stratus store, either for development or to keep out unwanted visitors.  All changes in the Access section update your Nginx configuration at the server level.

Access section

Reach the access section of your Stratus panel via these steps:

  1. Open your Stratus panel
  2. From the left-hand navigation menu, click Access to expand the available options
  3. Choose from the available sections detailed below.

Protect Website

This adds a standard HTTP Authentication restriction to your website.

  1. Click the Enabled checkbox
  2. Add a Login name – the username you will see at a 401 prompt
  3. Enter a Password – the password you will enter the 401 prompt. Your screen should be similar to this:

All traffic will be blocked unless the visitor enters the proper username and password.  Make sure to click Update to enable the option and confirm the change!

You will be greeted with a sign-in prompt when you load your site.

Protect URL

This adds a standard HTTP Authentication restriction to your website on a specific URL path.  Fill in the Login and Password fields to restrict your site.  All traffic will be blocked unless the visitor enters the proper username and password.  Make sure to click Update to enable the option and confirm the change!

Protect Directory

This adds a standard HTTP Authentication restriction to your website on a specific URL directory in your document root.  Fill in the Login and Password fields to restrict your site.  All traffic will be blocked unless the visitor enters the proper username and password.  Make sure to click Update to enable the option and confirm the change!

Note that this may overlap with the URL option, but rewrites can mean a directory is not the same as the URL path and vice versa.

Restrict By IP Address

Here you can restrict your entire site to a list of IP addresses, and redirect offending traffic.

Restrict for a development site

In the image above, the following options are checked:

  • Redirect to a particular URL
  • Deny access to all except allowed IPs

This is good if you want to redirect traffic from your dev site over to your live site, other than special people like your developers.

  1. Open the Restrict By IP Address section
  2. Check the Deny IP Access To The Website, Except Allowed Below box. The Redirect Visitor To URL Below If IP Doesn’t Match Rules box is optional; enter a domain if needed.
  3. Add an IP you wish to allow, with the rule set to Allow. For additional IPs, click Add IP Rule to create new entries.
  4. Click Update to confirm your change

Restrict only certain IPs

You can also use the IP Address section to block malicious/unwanted IPs as basic protection in your Nginx configuration.

  1. Open the Restrict By IP Address section
  2. Leave the two checkboxes unchecked.
  3. Click the Add IP Rule box to create a new entry.
  4. Enter a label and the IP you want to block.
  5. Set the Rule to Deny.
  6. Click Update to apply your change.

Block Countries

Countries can be blocked based on GeoIP.  GeoIP is not perfect but will block most of the traffic from a given country.   Country blocks, unlike the other access restrictions in the Access section, apply their block directly to your CloudFront distribution.  All traffic is stopped before it reaches your Stratus environment.

  1. Expand the Access section.
  2. Click Block Countries
  3. Check the boxes for the countries you want to block. You can also choose to restrict all, or Restrict Access For All Countries Not Shipping To – this option restricts traffic to countries enabled in the general/country/allow value in your Magento core_config_data table
  4. Click Update to confirm your change. It will take up to 20 minutes to take effect.

Bots and user agent blocking

Sometimes you don’t want that extra spider hitting your site.  Here you can block any user agent.  Please note this block works by matching the string. In the screenshot below any user agent containing baidu or megaindex in the agent string will be blocked.

  1. Expand the Access section.
  2. Click Block Bots
  3. Fill in a list of user agent strings.  Each string is matched as a regular expression, so any user agent containing it will be blocked; for example, adding baidu would block asdfasdfbaiduadfadf and so on.
  4. Click Update to confirm your change.
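Because each entry matches anywhere in the agent string, a short entry can block more than intended. The following is an added example, not part of the original article or Stratus's own code, that previews which user agents a candidate list would block before you enter it in the panel. It assumes case-insensitive matching (the article does not say; pass ignore_case=False to compare), and the function names and sample user agents are constructed for illustration.

```python
import re

# Constructed sample User-Agent strings; in practice, use distinct values
# taken from your own access logs.
SAMPLE_AGENTS = [
    "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)",
    "Mozilla/5.0 (compatible; MegaIndex.ru/2.0; +http://megaindex.com/crawler)",
    "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/120.0 Safari/537.36",
    "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)",
]

def compile_rules(entries, ignore_case=True):
    """Compile each block-list entry as a regex; reject empty or invalid ones."""
    flags = re.IGNORECASE if ignore_case else 0  # case handling is an assumption
    rules = {}
    for entry in entries:
        entry = entry.strip()
        if not entry:
            # An empty pattern matches every string, i.e. every visitor.
            raise ValueError("empty entry would match every user agent")
        try:
            rules[entry] = re.compile(entry, flags)
        except re.error as exc:
            raise ValueError(f"invalid pattern {entry!r}: {exc}") from exc
    return rules

def preview_blocks(entries, agents, ignore_case=True):
    """Return {agent: [matching entries]} for each agent that would be blocked."""
    rules = compile_rules(entries, ignore_case)
    blocked = {}
    for agent in agents:
        # search() matches anywhere in the string, like the "containing" rule above
        hits = [entry for entry, rx in rules.items() if rx.search(agent)]
        if hits:
            blocked[agent] = hits
    return blocked

if __name__ == "__main__":
    # Compare the article's two entries with an overly broad one.
    for entries in (["baidu", "megaindex"], ["bot"]):
        print(f"entries={entries}")
        for agent, hits in preview_blocks(entries, SAMPLE_AGENTS).items():
            print(f"  BLOCKED by {hits}: {agent}")
```

With the sample data, baidu and megaindex block only those two crawlers, while the broader entry bot also catches Googlebot and bingbot.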