2.4.1.2.1. Restricted access mode

Important points:

  • When the mode is enabled:
    • The site will only be accessible to visitors with IP addresses from the access list.
    • The conditions of the IP blacklist do not apply.
  • When using CMS auto-install, the IP addresses of the auto-install system may be added to the list. Such addresses are marked with the note "Access to the site for the CMS auto-install system".

Restricted access mode works like an IP whitelist: when it is enabled, the site is accessible only to visitors whose IP addresses are on the list, and all other visitors get error 403.

flowchart LR
    request@{ shape: stadium, label: "➡️ Request" }
    subgraph whitelist [🧱 Restricted access mode]
        mode@{ shape: diamond, label: "Is restricted access mode enabled?" }
        list@{ shape: diamond, label: "📋 IP in access list?" }
    end
    blacklist@{ shape: rounded, label: "📋 IP blacklist" }
    firewall@{ shape: rounded, label: "🔥 Firewall" }
    bots@{ shape: rounded, label: "🤖 Bots" }
    countries@{ shape: rounded, label: "🌎 Countries" }
    suspicious@{ shape: rounded, label: "🔍 Suspicious IPs" }
    iam@{ shape: rounded, label: "🛡️ I'm Under Attack" }
    site@{ shape: stadium, label: "✅ Site" }
    error_403@{ shape: stadium, label: "🚫 Error 403" }
    request-->mode
    mode-..->|❌|blacklist
    mode-->|✅|list
    list-->|✅|firewall
    list-.......->|❌|error_403
    blacklist-.->firewall
    firewall-.->site
    firewall-->bots
    bots-->countries
    countries-->suspicious
    suspicious-->iam
    iam-->site

In the chain of all site protection stages, restricted access mode comes before the IP blacklist and Firewall, bot protection, country access restriction, suspicious IP checks and I'm Under Attack.

Management is performed in the "Site protection" section on the "Restricted access mode" tab.

Notes:

  • Only valid IPv4 and IPv6 IP addresses are added to the list. Invalid ones are ignored.
  • IPv6 addresses are automatically truncated and converted to /64 networks when added automatically. The reason is that, according to IPv6 allocation rules, each device is allocated a /64 subnet rather than a single address. It is the subnets of devices that are blocked, since blocking individual addresses makes no sense (a device owner can allocate a huge number of individual addresses within their subnet).
  • Subnets in CIDR format can be added with a mask of any length.
  • You can use an online calculator to calculate subnets easily.
  • The maximum number of addresses in the list is 1000.

  1. Click "Add IP".
  2. Add the addresses to the list and save the changes:
    • Add IP to list — adds your current IP address to the list.
    • IP list — here you can manually specify single addresses and subnets in CIDR format, one address per line.
      • You can add a note to an address right in the list by separating it from the address with a space.
  3. Wait 5 minutes for the changes to take effect.
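
The list rules and the allow/403 decision described above, sketched in Python as an added example (not the hosting provider's code). The function names, stage labels and sample addresses are constructed; the handling of host bits, of entries past the limit and of unparsable client addresses are assumptions.

```python
import ipaddress

MAX_ENTRIES = 1000  # list size limit stated in the notes above

# Constructed sample list: one entry per line, optional note after a space.
SAMPLE = """203.0.113.10 office
198.51.100.0/24 vpn pool
2001:db8:1:2::abcd
not-an-ip broken entry
"""

def parse_access_list(text, auto_added=False):
    """Return [(network, note)]; invalid entries are skipped, as the notes say."""
    entries = []
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts:
            continue
        note = parts[1] if len(parts) > 1 else ""
        try:
            # Assumption: host bits in a CIDR entry are masked off, not rejected.
            net = ipaddress.ip_network(parts[0], strict=False)
        except ValueError:
            continue
        # Automatically added single IPv6 addresses are widened to their /64.
        if auto_added and net.version == 6 and net.prefixlen == 128:
            net = net.supernet(new_prefix=64)
        entries.append((net, note))
    # Assumption: entries past the limit are dropped rather than rejected.
    return entries[:MAX_ENTRIES]

def decide(client_ip, entries, mode_enabled=True):
    """Return the next stage for a request: 'ip-blacklist', 'firewall' or '403'."""
    if not mode_enabled:
        return "ip-blacklist"  # mode off: the IP blacklist applies as usual
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return "403"  # assumption: an unparsable client address fails closed
    # A listed visitor skips the blacklist and continues to the firewall.
    if any(addr in net for net, _ in entries):
        return "firewall"
    return "403"

if __name__ == "__main__":
    acl = parse_access_list(SAMPLE, auto_added=True)
    for ip in ("198.51.100.77", "2001:db8:1:2::1", "192.0.2.1"):
        print(ip, "->", decide(ip, acl))
```

Running the same list with `auto_added=False` keeps the IPv6 entry as a single /128 address, so a neighbouring address in the same /64 gets error 403.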

To enable restricted access mode, click "Enable" and confirm the operation by clicking the button in the window.

To disable, simply click "Disable". No confirmation is required.
