Configure HTTP access control

When developing your site, you might want to hide your development environments from outside viewers. Or you may find you have performance issues from excessive bot access. You can control access either with a username and password or by allowing/denying specific IP addresses or networks. This setting applies to the entire environment.

The settings for a specific environment are inherited by all of its children. So if you have a staging environment and you branch environments from it, all of the environments branched from it inherit the same authentication information.

Changing access control triggers a new deploy of the current environment. The changes don’t propagate to child environments until they’re redeployed manually.

Use a username and password 

You can set up one or more combinations of a username and password. To add a username and password, follow these steps:

  • Select the project where you want to add login details.
  • From the Environment menu, select an environment.
  • Click Settings.
  • In the row with HTTP access control, click Edit .
  • Click + Add Login.
  • Enter the username (login) and password into the given fields.
  • Click Save.

Run the following command:

platform environment:http-access -e <ENVIRONMENT_NAME> --auth <USERNAME>:<PASSWORD>

For example, to add the username name with the password 12321 to the test environment, run:

platform environment:http-access -e test --auth name:12321

Filter IP addresses 

You can control access to environments by allowing or denying specific IP addresses or ranges of IP addresses. The addresses should be in the CIDR format. Both4.5.6.7 and 4.5.6.0/8 are accepted formats.

Note that allow entries should come before deny entries in case they both match.

For example, the following configuration allows only the IP 198.51.100.0 to access your website.

198.51.100.0 allow
0.0.0.0/0 deny

To control access based on IP address, follow these steps:

  • Select the project where you want to control access.
  • From the Environment menu, select the environment to control.
  • Click Settings.
  • In the row with HTTP access control, click Edit .
  • Enter the IP addresses or ranges into the IP addresses field. Put one address or range per line, followed by a space and then allow or deny.
  • Click Save.

Run the following command:

platform environment:http-access -e <ENVIRONMENT_NAME> --access allow:<IPS_TO_ALLOW> --access deny:<IPS_TO_DENY>