From 71ae218bfda51eb235789979fb753d65b211832e Mon Sep 17 00:00:00 2001 From: Jonathan Visser Date: Fri, 7 Mar 2025 15:21:49 +0100 Subject: [PATCH 1/2] Add whitelisting based on User Agent and IP --- ...tication-on-hypernode-development-plans.md | 22 +++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/docs/hypernode-platform/nginx/basic-authentication-on-hypernode-development-plans.md b/docs/hypernode-platform/nginx/basic-authentication-on-hypernode-development-plans.md index 5f8325c0..17a09c36 100644 --- a/docs/hypernode-platform/nginx/basic-authentication-on-hypernode-development-plans.md +++ b/docs/hypernode-platform/nginx/basic-authentication-on-hypernode-development-plans.md @@ -48,10 +48,6 @@ To whitelist an IP address from basic authentication, you can add it to the geo To find out the IP's that need to be whitelisted, please contact the external service provider, or [check your access logs](../../troubleshooting/performance/general-troubleshooting.md) to see what IP's are accessing the website. -### Whitelist a User Agent - -To whitelist a specific user agent you can add it to the User Agent whitelist map in the whitelist file. We suggest whitelisting a specific term, such as the bot name, or the domainname used in the the user agent, using a regex pattern. - ### Whitelist an URL To whitelist a specific URL you can add it to the url whitelist map in the whitelist file. Please note that the whitelist is based on the entire URL, including any arguments. As such, we advise using a regex pattern when whitelisting. @@ -115,6 +111,24 @@ map $uri_whitelist$ip_whitelist $development_exceptions { - We use a geo directive to define `$ip_whitelist`, which checks if the visitor's IP address is whitelisted. If so, we set it to 1, otherwise to 0. - We combine `$uri_whitelist` and `$ip_whitelist` in a new map that defines `$development_exceptions`. Depending on whether the IP address or URI path is whitelisted, access without basic auth is allowed ("off"). + +### Whitelisting Based on IP and User Agent + +To create a whitelist based on two components: URL and User Agent. +In the **nginx** file named **whitelist-development-exception.conf**, you should use the following configuration: + +```nginx +geo $ip_whitelist { + default "Development restricted area"; + # 1.2.3.4 1; # IP address whitelist +} + +map $http_user_agent $development_exceptions { + default $ip_whitelist; + ~*(Klaviyo) "off"; +} +``` + ## Troubleshooting - Google Pagespeed analysis uses the Google bot user agent and can therefore not be used on development nodes. From 576ffdcf4e2b7f6938a0da6994bcaa9eab5e152b Mon Sep 17 00:00:00 2001 From: Jonathan Visser Date: Fri, 7 Mar 2025 15:28:30 +0100 Subject: [PATCH 2/2] mdformat --- .../nginx/basic-authentication-on-hypernode-development-plans.md | 1 - 1 file changed, 1 deletion(-) mode change 100644 => 100755 docs/hypernode-platform/nginx/basic-authentication-on-hypernode-development-plans.md diff --git a/docs/hypernode-platform/nginx/basic-authentication-on-hypernode-development-plans.md b/docs/hypernode-platform/nginx/basic-authentication-on-hypernode-development-plans.md old mode 100644 new mode 100755 index 17a09c36..cc9031f7 --- a/docs/hypernode-platform/nginx/basic-authentication-on-hypernode-development-plans.md +++ b/docs/hypernode-platform/nginx/basic-authentication-on-hypernode-development-plans.md @@ -111,7 +111,6 @@ map $uri_whitelist$ip_whitelist $development_exceptions { - We use a geo directive to define `$ip_whitelist`, which checks if the visitor's IP address is whitelisted. If so, we set it to 1, otherwise to 0. - We combine `$uri_whitelist` and `$ip_whitelist` in a new map that defines `$development_exceptions`. Depending on whether the IP address or URI path is whitelisted, access without basic auth is allowed ("off"). - ### Whitelisting Based on IP and User Agent To create a whitelist based on two components: URL and User Agent.