0 items

Extension IP Security (version 2.4.2)

Extension IP Security (version 2.4.2)

This extension gives you the ability to restrict access to your website via IP address or to close your shop for maintenance.

VAT may be applied only for EU customers
  • IP Security
  • IP Security
  • IP Security
  • IP Security
  • IP Security

IP Security is able to restrict access to your website via IP address or IP masks. When the restriction rule is triggered, the customer gets redirected to the CMS page specified in the settings or just to a blank page. You can receive notifications about triggered rules via email. There is also the opportunity to switch your website off for maintenance.


  • Separate white/blacklist for the frontend and the admin panel
  • Notifications about triggered rules to the shop owner via e-mail
  • Two action types for a triggered rule (a blank page and a redirect to a specified CMS page)
  • Editable notification message templates
  • Allows specifying IP addresses, as well as IP masks and IP ranges. You can add comments to rules. Details are available here
  • The application saves IP-addresses which were blocked in the data base. A block journal is available in the admin panel.
  • Access by token function

Usage Examples

Restrict access to the administration panel
Let's say, you are a shop owner and you want your operators and managers to work in the admin panel only from their workplaces. There can be several reasons for that:
  • You don't want for your staff to work overtime from home
  • You don't want for your staff to have access to confidential information without any supervision
  • You want to decrease the probability of getting your information accessed by an outsider, who somehow got an operator's password
With the help of this extension you can limit access to the admin panel. You can enter a list of IP addresses (or IP masks), which will have access to this area of the website. When someone will try to enter from any other addresses, depending on your configuration, he will see either a blank or CMS page.
Restrict access to frontend
You may want to ignore some groups of visitors. It can be:
  • People, who leave unwanted messages in reviews, tags, and other places, where it is possible to enter text
  • People, who tried paying with stolen credit cards
  • Visitors from specific countries (you will have to manually enter the IP address ranges belonging to such countries)
  • Any person, towards whom you feel antipathy
Just like in the previous case, you can create a list of addresses, from which it will be impossible to visit the frontend. You can add comments to any rule, so that you won't forget, why the rule was added in the first place.
Switch off your website for maintenance
For example, you or your IT guys decided to upgrade your Magento version, install a new extension or perform any other technical activities on your website. During that time customer visits are unwanted, but you don't want to lose them. IP Security allows you to temporarily close your shop and show a page with an announcement about the site maintenance time. Also, search engines will be notified that the site is under maintenance, and not down.

Technical details

  • Open source code
  • Extension code conforms to Magento development standards
  • The extension is available in English and Russian. Additional translations can be added by users.
  • Technical information for developers
ver. 2.4.2 (19/04/2018)
  • removed logging for nonexistent function
  • fixed settings display issue on old Magento versions
  • fixed incorrect check for existing server_name
ver. 2.4.1 (12/05/2017)
  • fixed error on downloader page
  • fixed error in the wysiwyg editor when uploading images using token access
ver. 2.4.0 (20/03/2017)
  • added IPv6 support
ver. 2.3.0 (08/02/2017)
  • the extension now blocks access to the RSS page as well (admin settings are used)
ver. 2.2.1 (11/10/2016)
  • fixed undefined variable error while switching stores in IP Security configuration section
  • fixed redirect to specified cms page on block for different stores, in backend it tries to redirect to website with same domain
  • fixed Exception for IPv6 addresses, now IPv6 addresses bypassed
ver. 2.2.0 (10/08/2016)
  • added feature "Access by token", that allows to access the website from a blocked IP address if secret token is known and active.
  • fixed undefined variable error while detecting IP by custom SERVER IP variable
  • fixed error in log grid
  • fixed potential vulnerability for bruteforce (via POST). The issue was not critical, because abusers were not able to receive access to admin even on successful attacks.
ver. 2.1.3 (28/11/2015)
  • fixed: grid was not available for non admin users with permissions
ver. 2.1.2 (28/10/2015)
  • added support for Magento and security patch SUPEE-6788
ver. 2.1.1 (30/04/2015)
  • added comments for some settings
  • extension can be installed with "Composer"
  • fixed issue with usage of HTTP_X_FORWARDED_FOR (check only first IP)
    in this case is visitors IP that we should check
ver. 2.1.0 (13/10/2014)
  • added ability to select variable, where server stores IP address of current visitor. Before only REMOTE_ADDR was used. Now you can select HTTP_X_REAL_IP, HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_CLUSTER_CLIENT_IP depending on your server configuration.
  • fixed bug with wrong date in notification e-mails
  • fixed bug in processing parameter "Email always" while blocking access to admin panel
ver. 2.0.0 (10/09/2012)
  • license type changed from AFL to ETWS Free License v1 (EFL1)
  • code refactored for Magento standards
  • column "Last block rule" added to log table and grid
  • extension now blocks access to the downloader page as well (admin settings are used)
  • ability to use IP ranges (Example:|IP Range) added
  • some Unit tests written
ver. 1.5.3 (06/06/2011)
  • minor bug fixes (variable initializing)
ver. 1.5.2
  • added ability to use IP ranges (Example:|IP Range)
ver. 1.5.1
  • infinite loop resolved when admin block rule is triggered and option "Add Store Code to Urls" is set to Yes and redirect to CMS page is enabled
ver. 1.5.0
  • table for storing blocked ip's added to database
  • log grid added to admin panel
  • option added: send notification on every block or only once for each IP
ver. 1.2.0
  • code pool changed from local to community
  • settings section reworked
  • maintenance mode added
ver. 1.1.0
  • helper added (without it Transactional Mails - Add New Template wasn't working) - relevant for Magento versions 1.4.х
ver. 1.0.9
  • ability to comment IP rules added
  • added notification by e-mail, if block rule is triggered; e-mail templates are editable
  • HTTP response status code set to 403, if blocking rule is triggered
  • rule templates processing error fixed
ver. 0.1.0
  • first stable version


  • bug fix
  • added functionality
  • removed functionality

Documentation is available on the information portal

Please ans
Hpw to block list of countries

Answer: This extension is designed to block/allow specific IP addresses. To block countries, use our other extension Country Blocker
Review by Manish (11/14/2016)
not work
it is blocked myself!!!!
i enter my ip in "Allow this IPs", but can not visit my website

Please, use our ticket system to get help from our support team. Provide additional information in ticket: extension settings (screenshot).
Review by Tony (5/5/2016)
Добрые день. Данный модуль поддерживает работу с ipV6?

Модуль не работает с ipV6.
Review by Арсений (8/13/2015)
How to block All IP except Allowed?
It must be useful function of Admin panel security

Как заблокировать Все IP кроме разрешенных?
На мой взгляд очень нужная функция для доступа в Админку

В настройках модуля в секции "IP Security - Admin" указываете разрешённвые адреса в поле "Allow This IPs". Все адреса, кроме указанных не будут допущены в панель администрирования.
Review by Leo (7/30/2015)
Good but don't allow domain. This patch will helpful if you have dynamic IP and user DynDNS service

Edit app/community/ET/IpSecurity/Model/Observer.php
protected function _convertIpToComparableString($ip)
$partsOfIp = explode(".", trim($ip));
and inseart lines
if ($partsOfIp[2]=='com' OR $partsOfIp[2]=='net' OR $partsOfIp[2]=='org') {
$partsOfIp = explode(".", trim($ip));
(sorry for my English)

Thank you for your contribution. But we do not plan to add this functionality to extension, because function gethostbyname() is to slow.
Review by Lighthousehn (10/26/2014)
why IP limisted to save?
I can't save more IP adress, because i have a lot of IP need to block, but this addon only save a part of them, others just overflow. how to solve it?

Answer: Please see documentation tab and question "The extension saves only part of my list of IP addresses. What should I do?"
Review by jason (9/9/2013)
There has been an error processing your request
I installed yesterday, and had no troubles. Today I tried to get in my admin area, e I got this!

:5:{i:0;s:67:"Mage registry key "_singleton/etipsecurity/observer" already exists";i:1;s:1317:"#0 /home/portodac/public_html/app/Mage.php(192): Mage::throwException('Mage registry k...')
#1 /home/portodac/public_html/app/Mage.php(446): Mage::register('_singleton/etip...', false)
#2 /home/portodac/public_html/includes/src/__default.php(20646): Mage::getSingleton('etipsecurity/ob...')
#3 /home/portodac/public_html/app/Mage.php(416): Mage_Core_Model_App->dispatchEvent('controller_acti...', Array)
#4 /home/portodac/public_html/includes/src/__default.php(13458): Mage::dispatchEvent('controller_acti...', Array)
#5 /home/portodac/public_html/includes/src/Mage_Adminhtml_Controller_Action.php(152): Mage_Core_Controller_Varien_Action->preDispatch()
#6 /home/portodac/public_html/includes/src/__default.php(13362): Mage_Adminhtml_Controller_Action->preDispatch()
#7 /home/portodac/public_html/includes/src/__default.php(17629): Mage_Core_Controller_Varien_Action->dispatch('index')
#8 /home/portodac/public_html/includes/src/__default.php(17220): Mage_Core_Controller_Varien_Router_Standard->match(Object(Mage_Core_Controller_Request_Http))
#9 /home/portodac/public_html/includes/src/__default.php(19712): Mage_Core_Controller_Varien_Front->dispatch()
#10 /home/portodac/public_html/app/Mage.php(640): Mage_Core_Model_App->run(Array)
#11 /home/portodac/public_html/index.php(80): Mage::run('', 'store')
#12 {main}";s:3:"url";s:6:"/admin";s:11:"script_name";s:10:"/index.php";s:4:"skin";s:5:"admin";}

I Tried to take the folders os the module, but still giving the same error.

Please use our support system to report issues.
Next time read installation instruction before installing any extension. Tou have forgot to disable compilation.
Review by George (6/26/2013)
Модуль IP Security
Прекрасный модуль, замечательно блокирует неправильных пользователей.
Был один - сливал мой контент вручную, заходил на каждую страницу оставаясь там минут на 3 - 5.
Был рад.)

Чего и вам желаю!

Review by Константин (3/7/2013)

Please write a review about Extension IP Security

If you want to ask a question about an extension or report a bug, please use our issue tracking system.

You may also be interested in the following product(s)

Country Blocker

Extension Country Blocker

40 EUR

Please wait...

Continue shopping

{{var product.getAttributeText('definition')}} {{var product.getName()}}
was added to cart.