Yes, while it is impractical to white-list our callbacks by IP address. All of our callbacks have the user agent header of
GrabzIt therefore you can use .htaccess or some other method to block all HTTP requests to your handler except from those with the
GrabzIt user agent.
Here is an example for htaccess:
SetEnvIf User-Agent .*GrabzIt* grabzit
Deny from all
Allow from env=grabzit
The callback is the only direct communication between our capture servers and your app. All other communication should go through our web servers.