Magento Development Basics
Symlinks in Magento 2
What is the Dependency inversion principle and how it is used in Magento 2?
Magento & Dev Environment Setup
Uses and configuration of LiveReload on Magento 2
Magento 2 frontend tools for developers
How to use grunt in Magento 2?
Theme development
How to exclude specific js files from minify?
How to call the helper method in phtml template file?
Easiest way to load your custom JS Component in Magento 2
Theme Development Best Practices
How to extend existing jquery widget in Magento 2?
How to add a link in the top menu in Magento 2
How to add a link in your account navigation for Magento 2?
How to add non-category link to navigation menu in Magento 2?
How to use Private Content or Sections in Magento 2?
How to call custom phtml in admin product ui-component form in Magento 2?
How to add a static block in a sidebar column Magento 2?
How to show description of the product in wishlist phtml file?
How to add variables for Magento 2 templates?
How to create a custom widget in Magento 2?
How to create a new custom tab in the product detail page in Magento 2?
Remove unnecessary link from My Account in Magento 1
Difference between attributes remove and display true|false in the layout
Magento Customization & Extension Development
How to Override Reorder Functionality in Magento 2 by Disabling Core Plugin?
How can I check which final preference class is used for any particular class?
What are the main benefits of the all new PHP 7.2 for Magento sites?
How to create REST API in Magento 2?
How to Configure URL Rewrites in Magento 2?
How to use curl in Magento 2
How to create a new router in Magento 2?
Display Custom Product Price
How to set a custom price programmatically when adding a product to the cart in Magento 2?
How to use a custom price template in Magento 2?
CLI
How to setup and remove cron using CLI in Magento 2?
How to change the Magento 2 configuration from the CLI command?
How to check your code is compatible with PHP?
Recurring setup script in Magento 2
Admin Panel Configuration & Customization
How to display a custom admin system notification in the admin panel Magento 2?
How to change PAD length in order increment number in Magento 2?
How to setup configuration setting for a module in Magento 2?
How to attach a file in product admin form and display attachment in product detail page in Magento 2?
How to create system.xml configuration in Magento 2?
How to create a custom tab and call custom phtml in admin category form in Magento 2?
How to add a custom button in the admin product ui-component form in Magento 2?
How to display EAV attribute data in Magento custom grid?
Add view button in admin grid to open a view page in slide window in Magento 2
Translation
How to generate a translation dictionary of a module in Magento 2?
Multi Store Configuration, Store Management
How to create multiple websites in Magento 2?
How to create and use language-pack component in Magento 2?
How to convert the price from one currency to another in the Magento 2?
Store Configuration
How to setup Refer Email to a Friend in the Magento 2?
How to Set Up Magento 2 RSS Feed?
How to send order email to a custom email address?
How to Configure Magento 2 Swatches?
Account Page
How to remove unnecessary customer account links in Magento 2?
Cache Management
How to use cache-clean.js watcher utility in Magento 2?
How to Add block to cache in Magento 2
How to get customer session data when a cache is enabled in Magento 2?
How to check customer is logged in or not when a cache is enabled in Magento 2
Category and Product customization
How to Prevent/omit Category Path from Product URL to Access The Product Page?
How to add a column to the tier price in Magento 2 admin?
Which search engine I can choose among the Sphinx/Solr/Elasticsearch?
Taxation Setup
How to Set Up Tax Rules in Magento 2?
Shipping Method
Add Grand total in the shopping cart rule condition
How to setup Free Shipping in Magento 2?
How to create a shipping method in Magento 2?
Payment Method
How to Add a Custom Payment Method to Magento 2 Checkout?
How to setup Authorize.net in Magento 2?
Checkout Customization
How to move telephone field in Checkout for Magento 2 sites?
Email Queue
How Does Email Queue Works in Magento?
Secure Direct Access of cron.php File from the Browser
Security
How to install Magento SUPEE-11086 patch
How to Enable 2FA Google Authenticator in Magento 2.3.x
Magento Application Testing
How to generate data for performance testing in Magento 2?
e-commerce
The Best Domain Extension for eCommerce – 11 Extensions to Choose From
Chapters Close

Secure Direct Access of cron.php File from the Browser

banner-Secure-direct-access-of-cron.php-file-from-the-browser

Magento forbids direct access of cron.php file manually from the browser by default via .htaccess if you are using an Apache web server.

Copy Code
## Deny access to cron.php
<Files cron.php>
############################################
## uncomment the lines below to enable cron access with base HTTP authorization
## http://httpd.apache.org/docs/2.2/howto/auth.html
##
## Warning: .htpasswd file should be placed somewhere not accessible from the web.
## This is so that folks cannot download the password file.
## For example, if your documents are served out of /usr/local/apache/htdocs
## you might want to put the password file(s) in /usr/local/apache/.
        #AuthName "Cron auth"
        #AuthUserFile ../.htpasswd
        #AuthType basic
        #Require valid-user
############################################
        Order allow,deny
        Deny from all
</Files>

To run Cron directly from the browser, we would have to update .htaccess file before calling the “yoursite.com/cron.php” URL from the browser.
For that, you need to comment out these two lines below:

Copy Code
#Order allow,deny
#Deny from all

What is important here is that if you don’t secure cron.php file using HTTP authorization, any user could potentially run Cron by requesting the “http://example.com/cron.php” URL to attack your Magento application.
From the security perspective, it’s very important to uncomment these lines after generating the .htpasswd file:

Copy Code
AuthName "Cron auth"
AuthUserFile ../.htpasswd
AuthType basic
Require valid-user

There are many online tools available to easily generate .htpasswd.

Just be sure about the path of the .htpasswd file. You can easily find its path using the pwd command in the console. Run the command from the directory where the .htpasswd file is placed.

It’s important to place the .htpasswd file somewhere that is not accessible from the web. This is so that folks cannot download the .htpasswd file.

Sometimes developers skip the HTTP authorization step. This omission allows third parties to access the cron.php file directly from the URL.

Always secure your cron.php file with proper .htpasswd placement to prevent unauthorized direct access of cron.php file and protect your Magento store.

Cheers!

Previous Case Study How Does Email Queue Works in Magento? Previous
View All Blog View All Blog View All
Next Case Study How to install Magento SUPEE-11086 patch Next
Speak your Mind

Post a Comment

Got a question? Have a feedback? Please feel free to leave your ideas, opinions, and questions in the comments section of our post! ❤️

* This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

You May also like

Related Blog

how-email-queue-works-in-magento

Apr 2nd, 2018

3 min to read

How Does Email Queue Works in Magento?
banner-Add-Custom-Validation-Rule-in-Magento-2

Apr 10th, 2018

5 min to read

Add Custom Validation Rule in Magento 2
export-specific-tables-from-mysql-database

May 30th, 2018

1 min to read

Export specific Magento tables from MySQL database

Grow your online business like 2,746 subscribers

    * This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
    envelope

    Thank You!

    We are reviewing your submission, and will be in touch shortly.