Magento – Block RSS feed on 1.7 magento

magento-1.7

I followed Magento instruction and added the following rule in the root .htaccess file (inside IfModule mod_rewrite.c>):
RewriteRule ^(index.php/?)?rss/ – [L,R=403]

I still can access RSS request page: /index.phprss/catalog/notifystock

Any idea how to block RSS access on 1.7 magento?

https://magento.com/security/best-practices/protect-your-magento-installation-password-guessing-new-update

P.S.
I found on the website https://support.hypernode.com/knowledgebase/how-to-protect-your-magento-store-against-brute-force/

"Because the RSS endpoint is reachable under various locations, it is generally not possible to filter RSS when using Apache (without using mod_rewrite). It is recommended to upgrade to at least version 1.9.3 and disable RSS in the backend."

Best Answer

If possible, I would recommend just disabling the Mage_Rss module. See Marius' answer on this question for an example of how to disable core modules.

https://magento.stackexchange.com/a/2664/2241

Zookal has done some research on what modules can be disabled without problems. Of course, if they are not being used. Mage_Rss is on their list of safe modules to disable (see list at the bottom of the page).

http://zookal.github.io/magento-mock/etc/challenges.html

Related Solutions

Magento – Magento 1.7 error invalid block type

If you take a look at your error call stack

#0 /home/public_html/domain.nl/includes/src/__default.php(27333):     Mage::throwException('Ongeldig blokty...')
#1 /home/public_html/domain.nl/includes/src/__default.php(27275):      Mage_Core_Model_Layout->_getBlockInstance('relatedslider/p...', Array)
#2 /home/public_html/domain.nl/includes/src/__default.php(27310):      Mage_Core_Model_Layout->createBlock('relatedslider/p...', 'magentothem_rel...')
#3 /home/public_html/domain.nl/includes/src/__default.php(27077):

most of the files involved come from the includes/src/__default.php file. Magento only uses this file when it's running in "compiler" mode. Compiler mode is when Magento looks at all the module class files in app/code/*/*, and then makes a copy of those files in includes/src — it also combines many base classes in a single file, __default.php. This is done to increase performance in production systems.

So, step one would be to disable compiler mode, see if the error has gone away, and then re-compile your classes to catch whatever class was missed in the initial compilation. You can do this at

System -> Tools -> Compilation

Or via the shell script

$ php shell/compiler.php

If the problem does not go away when compilation mode is disabled, it looks like Magento is trying to instante a block (perhaps embedded in a CMS page) that doesn't exist.

Mage_Core_Model_Layout->createBlock('relatedslider/p...', 'magentothem_rel...')

Unfortunately, this block's full class alias (relatedslider/p...) is omitted. Figuring out the full block alias, and why Magento can't instantiate it (missing class, mistyped alias, etc.) will lead you to a solution for your problem.

Magento – Add custom block on success checkout page on Magento 1.7

you can try below one

 <checkout_onepage_success translate="label">
    <label>One Page Checkout Success</label>
    <reference name="root">
        <action method="setTemplate"><template>page/2columns-right.phtml</template></action>
    </reference>
    <reference name="content">
        <block type="checkout/onepage_success" name="checkout.success" template="checkout/success.phtml"/>
        <block type="catalog/product_list" name="product_list" template="catalog/product/list-limit.phtml">
            <action method="setColumnCount"><count>4</count></action>
        </block>
    </reference>
</checkout_onepage_success>

Hope this will work

Best Answer

Related Solutions

Magento – Magento 1.7 error invalid block type

Magento – Add custom block on success checkout page on Magento 1.7

Related Topic