2.4.1.14. Access limitation

The settings for restricting access to the site for IP addresses and countries are managed in the section "Access restriction":

Using automatic installation of CMS the IP addresses of the autoinstallation system can be added to the allowed list. Such addresses have a note "Access to the site for the CMS autoinstallation system".

The tab configures access to the site for different IP addresses and address ranges:

Operating modes:

  • "Allow access to everyone except the specified addresses" — the site will be available to everyone, except for visitors with the addresses specified in the list — they will receive answer 403.
  • "Allow access only from specified addresses" — the site will be available only to visitors with the addresses specified in the list, the rest will receive answer 403.

Notes:

  • Only valid IPv4 and IPv6 IP addresses are added to the list. Invalid ones are ignored.
  • IPv6 addresses when added are automatically cut and converted to net /64. The reason is that according to IPv6 distribution rules, each device is allocated not a single address, but a /64 subnet. It is the subnetworks of devices that are blocked, since blocking individual addresses does not make sense (the owner of the device can allocate a huge number of individual addresses within his subnet).
  • Subnets in CIDR format can be added with a mask of any length.
  • For the convenience of calculating subnets, you can use onlinecalculator.
  1. Click "Add IP".
  2. Add addresses to the list and click "Save":
    • "Add IP to the list" — adds your current IP address to the list.
    • "Add the entire network to the list" — adds to the list the subnet of your current provider in CIDR format.
    • "IP List" — here you can manually specify single addresses and subnets in CIDR format. Each address is on a new line.
  3. Wait approximately 15 minutes for the changes to take effect.

The tab configures access to the site for visitors from different countries:

Operating modes:

  • "Allow access to everyone except specified countries" — the site will be available to everyone, except for visitors from the countries specified in the list — they will receive answer 403.
  • "Allow access only from specified countries" — the site will be available only to visitors from the countries specified in the list, the rest will receive answer 403.

Option "Do not block bots" allows skipping requests from trusted bots. The check is performed by User-Agent. The list of trusted bots can be viewed in the tooltip when hovering over the icon ℹ️.

To add countries, expand the drop-down list and click on the names of the required countries. To remove restrictions, click ✖️ next to the names of previously selected countries.

Content