Cannot whitelist htaccess blocked admin URL

All we need is an easy explanation of the problem, so here it is.

Trying to whitelist the blocked admin URL for the outside world from htaccess but not working.

The below code worked in Magento 1. I have added this in my root_directory/pub/.httaccess.

RewriteCond %{REMOTE_ADDR} !^
RewriteRule ^(index.php/?)?(admin|rss|downloader) - [L,R=403]

This is blocking the URL but not whitelisting to my office IP. Any suggestions?

How to solve :

I know you bored from this bug, So we are here to help you! Take a deep breath and look at the explanation of your problem. We have many solutions to this problem, But we recommend you to use the first method because it is tested & true method that will 100% work for you.

Method 1

Finally got it working. So the problem was that Magento 2‘s remote address was always This is I believe because of varnish.

So I had to use x forwarded for. Firstly you may need to implement x-forwarded-for in Magento 2. Learn here:

Then below code will work:

RewriteCond %{HTTP:X-FORWARDED-FOR} !^
RewriteRule ^(index.php/?)?(admin|rss|downloader) - [L,R=403]

Note: Use and implement method 1 because this method fully tested our system.
Thank you 🙂

All methods was sourced from or, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply