Add an IP Address to a Fastly ACL via the CLI with Magento

Published: July 20, 2023


Recently I was in a bit of a pickle on a new Magento project that my company was taking over.

Access to the staging site was restricted via Fastly. I had SSH access to the environment, but my IP address was not allowed via the ACL, so I couldn’t connect to the website’s backend UI to grant myself access.

I wound up figuring out how to manage this via the CLI. Since I struggled a bit with figuring this out I figured I’d shared my findings here.

The Endpoint to Call

IP addresses can be added to an ACL via the “Create an ACL entry” resource.

The request looks like this

POST /service/[service_id]/acl/[acl_id]/entry

The IP address is then passed in the request body along with other parameters such as a comment

Figuring Out The Service ID

Assuming you are using Magento Cloud the Service ID (and Fastly Key) can be found in the /mnt/shared/fastly_tokens.txt file. “API Token” is the FASTLY_KEY and “Serivce ID” is the SERVICE_ID.

Finding the ACL ID

First, get the active version. You can do this as follows, assuming you have jq installed.

# Get the active version. In this example 105 is active
$ curl --silent -H "Fastly-Key: FASTLY_KEY" \
  | jq '.[] | if .active then .number else empty end'

Next review the list of ACLs for that version

$ curl --silent -H "Fastly-Key: FASTLY_KEY" | jq

Here you will find the id of the ACL you want to append to

Adding the IP

You can certainly issue a curl request, but another option is to do this with n98-magerun2 dev:console, which is how I did it. The commands I ran looked like this…

$ XDG_CONFIG_HOME=~/var/ var/n98-magerun2.phar dev:console
>>> $api = $di->get('Fastly\Cdn\Model\Api')
>>> $api->upsertAclItem(ACL_ID, IP_TO_INSERT, null, COMMENT)

Max Chadwick Hi, I'm Max!

I'm a software developer who mainly works in PHP, but loves dabbling in other languages like Go and Ruby. Technical topics that interest me are monitoring, security and performance. I'm also a stickler for good documentation and clear technical writing.

During the day I lead a team of developers and solve challenging technical problems at Rightpoint where I mainly work with the Magento platform. I've also spoken at a number of events.

In my spare time I blog about tech, work on open source and participate in bug bounty programs.

If you'd like to get in contact, you can find me on Twitter and LinkedIn.