Restrict API access per IP address


#1

Hi guys,

Is it possible to allow access to the API through the htaccess file, so that authentication on the site and the Piwik plugin both work at the same time?

I'd really like to restrict access to the Matomo login to avoid e.g. brute-force attacks, but with the example htaccess from this post I'm not able to get the Piwik WP plugin up and running at the same time :frowning:

Any advice much appreciated


Using .htaccess to restrict access
(Fabian Dellwing) #2

What is the API endpoint? If it runs against index.php just add to the index.php block:

<Else>
Require ip <ip of your server>
</Else>

#3

Hi
Thanks for the reply,
This does not solve the authentication issue with the Piwik WordPress plugin :frowning:

This is my actual htaccess:

<Files "*">
 AuthType Basic
 AuthName "Piwik"
 # to be explicit, state the provider
 AuthBasicProvider file
 AuthUserFile "/pathtomymatomo/.htpasswd"
 Require valid-user
</Files>

# Allow external access to piwik.php, matomo.php, piwik.js, piwik.php and robots.txt
<FilesMatch "(^(piwik|matomo)\.(php|js)|robots\.txt)">
 Require all granted
</FilesMatch>

# Allow Opt-Out
<Files "index.php">
 <If "(%{QUERY_STRING} =~ /^module\=CoreAdminHome\&action\=optOut(?!.*module\=)(?!.*action\=)/)">
   Require all granted
 </If>
 <Else>
   Require ip my server ip       
 </Else>
</Files>

When I comment out the whole <Files "*"> section I can successfully log in to Piwik through the Piwik WordPress plugin and auth token. But then I don't have auth on my Piwik website.
When I turn this section on, auth works perfectly but the Piwik WordPress plugin can connect with my token details.


(Fabian Dellwing) #4

Then try to add Require ip <ip of your server> below the Require valid-user.


#5

Tried already without success.
Also tried <RequireAll> <RequireAny> but no success.
When auth is on in htaccess, the recommended Matomo WordPress plugin doesn't work at all :frowning:


(Fabian Dellwing) #6

Please check in your access log, what IP the calls use.
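
One way to run the access-log check suggested in #6, as an added example that is not part of the thread: it counts 401/403 responses for index.php per client address and reports whether each address is covered by the `Require ip` value. The function name, the sample log lines and the addresses are constructed for illustration, and the Apache common/combined log format is assumed.

```python
import ipaddress
import re
from collections import Counter

# Start of an Apache common/combined log line (assumed format):
# client ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def denied_clients(lines, allowed, script="/index.php"):
    """Return {client: (denied_count, covered_by_allowed)} for 401/403 hits on script."""
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    denied = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] not in ("401", "403"):
            continue
        # Compare the path only, ignoring the query string
        if m["target"].split("?", 1)[0].endswith(script):
            denied[m["client"]] += 1
    report = {}
    for client, count in denied.items():
        try:
            addr = ipaddress.ip_address(client)
            # An IPv6 client never matches an IPv4 entry, and vice versa
            listed = any(addr in net for net in nets)
        except ValueError:
            listed = False  # a hostname was logged instead of an address
        report[client] = (count, listed)
    return report

# Constructed sample lines using documentation address ranges (not from the thread)
SAMPLE_LOG = [
    '2001:db8::10 - - [01/Jan/2020:10:00:01 +0000] "POST /index.php?module=API&format=json HTTP/1.1" 401 381 "-" "WordPress"',
    '2001:db8::10 - - [01/Jan/2020:10:00:02 +0000] "POST /index.php?module=API&format=json HTTP/1.1" 401 381 "-" "WordPress"',
    '198.51.100.7 - alice [01/Jan/2020:10:01:00 +0000] "GET /index.php?module=CoreHome HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2020:10:01:05 +0000] "GET /piwik.php?idsite=1&rec=1 HTTP/1.1" 200 43 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    # "203.0.113.10" stands in for the address written after Require ip
    for client, (count, listed) in denied_clients(SAMPLE_LOG, ["203.0.113.10"]).items():
        print(f"{client}: {count} denied, covered by Require ip: {listed}")
```

A client reported with `False` is an address the `Require ip` line does not cover, for example when the server calls itself over IPv6 or through a proxy.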