Skip to content

IP-Block-Ltd/ipblock-magento

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

⚠️ Status: untested. This extension is provided as-is and has not been tested in production. Please feel free to fork, modify, improve, and open pull requests.

Licensed under GNU GPLv3 (see LICENSE).

IPBlock_Protection (Magento 2.4.9)

Integrates the ip-block.com IP screening service into Magento Open Source. Every storefront request is checked against ip-block.com before any page renders; flagged visitors are redirected to the ip-block.com block page (or shown a local 403).

Admin configuration

Stores → Configuration → IP Block → Protection (ip-block.com)

Field Purpose
Enable IP Protection Master on/off switch
Site ID Your 12-character ip-block.com site identifier
API Key Your 48-character key (stored encrypted)
API Endpoint URL Defaults to https://api.ip-block.com/v1/check
If service is unreachable Fail open (allow) or closed (block) — vendor recommends open
Decision Cache Lifetime Seconds a decision is cached; 0 = check every request
When a visitor is blocked Redirect to ip-block.com block page, or show a local 403 message
Block Message Local 403 text (only when "show message" is chosen)
Allowlisted IPs One IP per line — never blocked

Credentials come from the API Keys page of your ip-block.com dashboard.

Install / enable

Copy this module to app/code/IPBlock/Protection/ in your Magento installation, then from the Magento root run:

php bin/magento module:enable IPBlock_Protection
php bin/magento setup:upgrade
php bin/magento setup:di:compile      # production mode only
php bin/magento cache:flush

API contract (from https://api.ip-block.com/v1)

POST /check — JSON body:

{ "api_key": "...", "site_id": "...", "ip": "203.0.113.42",
  "user_agent": "...", "referrer": "..." }

Response: {"action":"allow"} or {"action":"block"}. The api_key is sent in the body (not an Authorization header). 1-second timeout, fail open on error.

How it works

  • etc/frontend/events.xml hooks controller_action_predispatch (storefront only).
  • Observer/CheckVisitorIp gets the visitor IP/UA/referrer, asks Service/IpChecker, and on a block redirects (or renders a 403) and halts dispatch.
  • Service/IpChecker handles allowlisting, per-request caching, fail-open/closed.
  • Model/Api/Client::isBlocked() speaks the ip-block.com wire format.

Notes

  • Behind a proxy/CDN? Configure Magento's trusted proxies so RemoteAddress returns the real client IP (X-Forwarded-For / CF-Connecting-IP) rather than the proxy's, otherwise every visitor looks like the proxy.
  • Allowlist your own office IP before enabling, so you cannot lock yourself out of the storefront while testing.

About

IP Block protection for Magento (Adobe Commerce OS) — ip-block.com integration. Untested at the moment; please feel free to modify. GPLv3.

Topics

Resources

License

Contributing

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages