HTTP Security Firewall



Magento Platform
Open Source (CE)
2.1, 2.2, 2.3

Tech Specifications

Current Version:
Stable Build
25 July, 2019
Extensions, Payments & Security
Supported Browsers:
Chrome Linux: 42, 43, 44 Mac: 39, 44 Windows: 39, 40, 42, 43, 44 Firefox Linux: 31, 38, 39, 40, 41 Mac: 31, 38, 39, 40, 41 Windows: 31, 38, 39, 40, 41 Opera Linux: 7, 7.1, 8, 9 Mac: 7, 7.1, 8, 9 Windows: 7, 7.1, 8, 9 Safari Linux: 7, 7.1, 8, 9 Mac: 7, 7.1, 8, 9 Windows: 7, 7.1, 8, 9 Edge Windows: 42 IE Windows: 10, 11, 8, 9
License Type:


Firewall extension for Magento 2 is the best security extension to protect your Magento store from hackers and security vulnerabilities.


Back to top

Our team believes that security and stability are the most important parts of any growing Magento e-Commerce business. That is why we've built HTTP Security Firewall for Magento 2 that increases security and stability dramatically to protect your business from server downtime, server overload, customers' data leaks, brute force attacks, and other security threats.  It becomes possible as the extension creates an additional layer of protection and raises Magento security and performance to a completely new level.

Our extension is not only a great security tool but also a logging and notification system that tracks all admin logins and their activities in the admin panel. HTTP Security Firewall sends e-mail and SMS notifications if anything goes wrong, for example, multiple failed login attempts at the admin panel or the slowing down of the website due to the enormous workload to the server.



  • Security Checklist - Scans your website for security issues and helps to fix them.
  • Code Sniffer - Magento 2 source code scanner, scans extensions for: SQL injections, use of dangerous function and not quality code.
  • DOS Attack Detection - Monitors users, bots and hackers HTTP requests, allows analyzing who makes a large number of requests and take actions against them.
  • Server Load - Tracks server performance and detects if the website works slowly.
  • Black & White IP lists - Grants or denies access to the website for specific IPs or IP ranges.
  • Country Blocker - Grants or denies access to the website for whole countries.
  • Admin Login Logs - Tracks logins to the admin panel, detects brute-force attacks.
  • Sends E-mails and SMS notifications in case of emergency situations.
  • Fully compatible with cloud proxy servers like Amazon CloudFront or Cloudflare.
  • Serves search engines like Google, Yahoo, Bing, Baidu, etc as the topmost priority.
  • Reduces the risk of hacker attacks and other online threats.


Advantages Of Using Security Firewall:

Security Checklist

This tool allows you to scan your server & Magento 2 configuration to detect security issues. "Security Checklist" detects issues, explains why these issues should be fixed and gives suggestions/instructions on how to fix them. It is a great tool for website administrators and web developers to make the basic scan quickly to understand the current security situation. 

Source Code Sniffer

Build-in into firewall official Magento 2 code scanner allows automatically scan third party extensions for potential security issues and poor quality of code. If you have dozens of third party extensions installed, this tool will show you which ones meets Magento 2 code standards. Code sniffer helps to check code for potential risks of SQL injection, use of dangerous functions (like system(), exec(), base64, etc.), find not effective code constructions and test on dozens of other M2 requirements. This tool will help you to discover potentially insecure extensions or infected ones with malware.

DOS Attack Detection

You can monitor HTTP requests made to Magento 2 during selected period of time. You will be always informed about who makes HTTP requests to Magento and reduces server performance or crawl/steal website content without your permission. You can see the list of IP addresses, hostnames, countries and the number of all HTTP requests made by them. So, if you notice that somebody makes hundreds of requests per minute, you can research this situation in more detail and take action against this person or IP.


Server Load Tracking

You can monitor server load in real time and look through server load history.  You can detect if the server was overloaded at some point or DOS attacks were run against your server. Charts allow you to analyze situations quickly and react to issues with the help of other "blocking" security tools. 


Block Unwanted Crawlers

Researches show that up to 70% of websites traffic is made by unwanted bots and crawlers that scan your store to steal content or look for security vulnerabilities.  With this security extension, you can monitor and block these bots and crawlers by IP, country or "User-Agent" header to make your Magento 2 store even more secure. HTTP Security Firewall is very smart. It detects "white" crawlers of Google, Bing, Yahoo, and other search engines, so that they always will be able to access Magento with higher priority. 


Black & White IP Lists

The firewall allows blocking specific IP addresses or IP ranges.  So, if with the help of other tools you detect a possibly dangerous IP address, you can simply deny access using blacklist.

You can also add your IP address and IPs of your colleagues to the white list so that these IPs addresses will be always served on a priority basis and won't be blocked in any case. It is also very useful for monitoring. You will be informed about IP addresses from the white list so that you can pay less attention to them.


Country Blocker

If your store doesn't serve some countries it is a good idea to forbid their access to your store. It will help you to block dozens of unwanted bots/crawlers, decrease hackers’ activities and reduce server load. We are sure that you have heard of countries which are "leaders" in hacking activities. So if you don't make shipping to those countries, it is a good idea to block them as well.


Admin Login Logs

You can keep tracking who accesses your Magento admin panel. HTTP Security Firewall tracks logins, time, country, IP address, success & failed login attempts. So, if you suspect that there is a chance of unauthorized access to the admin panel, you will have all the required information to investigate this situation and to find this person.


Receive Email and SMS Notifications

You can receive notifications if anything goes wrong, e.g. server going through enormous load and website working slowly or a "brute force" attack to admin panel is detected.


Compatible with Front Proxy Servers 

If your server is hidden behind front proxy servers like Amazon CloudFront, Cloudflare or any other, the firewall can be configured to work with them. Just specify the inner IP address of the proxy server in the settings and firewall will complement a set of security tools for your website.


Reduce Risk of Attacks 

Our HTTP Security Firewall is evolving and our team reacts fast to new security threats by launching new updates. We work hard to make your store more secure so that you don't have to worry about security and can focus on more important things.

Release Notes

Back to top


  • Compatible with Open Source (CE) : 2.2 2.3
  • Stability: Stable Build
  • Description:

    Added "Code Sniffer", "Admin Actions Logs" and improved DOS detection.


  • Compatible with Open Source (CE) : 2.2 2.3
  • Stability: Stable Build
  • Description:

    Added "Code Sniffer" feature. Fixed a few minor bugs


  • Compatible with Open Source (CE) : 2.1 2.2 2.3
  • Stability: Stable Build
  • Description:

    1. Added "Security Checklist" tool.
    2. Added support of front proxy servers (like cloudflare).
    3. Added support of Magento 2.3
    4. Added blocker by User-Agent HTTP header.
    5. Improved "Server load & DOS Detection" tool.


  • Compatible with Open Source (CE) : 2.1 2.2
  • Stability: Stable Build
  • Description:

    Added new features:
    - Notifications
    - Admin Login Logs


Back to top
The best place to start if you need help with a specific extension is to contact the developer. All Magento developers have both a contact email and a support email listed.

Q & A

Back to top


Back to top