Allowing web access to forbidden directories

By default, the security rules on MageStack prevent web access to important Magento directories. For example, if you need to access a file via a web browser in ./var/export - you'll see a 403 Forbidden message.


Granting access by IP

Using some Nginx rules, its possible to permit access to the var directory. Use an obscure URL to hide the directory (if desired), in this example, /secure has been used in place of /var.

In ___general/ add the following,

location ~* ^/(secure|var)/(?<directory>(export)) {
  rewrite ^/([^/]+)/([^/]+)/(.*)$ /var/$2/$3 break;
  deny all;

Add more IP addresses to the access list by adding the following line (repeat as many times as necessary),


Then access the new URL, Eg.