.htaccess to PayPal & PayPal Sandbox

Question

For testing on my pre-live site, I'd like to allow only my own IPs and PayPal Sandbox.

For production, I'd like to allow only PayPal to my IPN listener.

I can restrict in .htaccess to my IPs, but including paypal.com causes 403 in the IPN generator on the SandBox.

I understand this may be a security issue for PayPal, but I'd like it anyway if possible.

John Siu · Accepted Answer · 2012-11-08T02:37:23.353

1

If you are testing with paypal sandbox, your .htaccess allow should look like follow

    Allow from .paypal.com

That should allow incomming connection from all machine with *.paypal.com RDNS.

You maybe missing the "dot" before paypal.

If using LiteSpeed web server try following

    Allow from 173.0.82.126

That is IP for ipn.sandbox.paypal.com. Also check your server log and see what IPs are being reject.

edited Nov 08 '12 at 02:37

answered Nov 08 '12 at 02:04

John Siu

score 0 · Answer 2 · answered Nov 02 '16 at 09:13

0

A little update for Apache 2.4: the new directive should be:

Require host .paypal.com

Or, if you need the ip:

Require ip 173.0.82.126

If you are still using 2.2, IGNORE this and keep using the old syntax, as shown by John Siu's answer.

answered Nov 02 '16 at 09:13

Erenor Paz

2 Answers2