Maintenance VIP

The Maintenance VIP module allows site administrators to grant bypass access to a Drupal site in maintenance mode using a secure, shareable URL. This is ideal for giving clients, stakeholders, or QA teams temporary access to review a site before launch, without requiring them to have a user account or log in.

Features

• Simple URL bypass: Access the site via /vip/{your-token}.
• Secure sessions: Generates an HTTP-only, secure cookie valid for 24 hours to prevent hijacking.
• Easy logout: Users can drop their VIP session by visiting /vip-logout.
• Proxy friendly: Works flawlessly behind Nginx, Varnish, or CDNs since it integrates directly with Drupal's maintenance mode service decorator.

Post-Installation

Once installed, no complex permissions or cache rebuilds are needed to manage the token.

1. Navigate to Configuration > development > Maintenance VIP (/admin/config/development/maintenance-vip).
2. Scroll down to the new Maintenance VIP Token field.
3. Enter a secure, unique string (e.g., client-review-2026) and save the configuration.
4. Enable Maintenance mode as usual.
5. Share your link (https://yoursite.com/vip/client-review-2026) with your testers.

Additional Requirements

This module is self-contained. It requires no additional external libraries or contributed modules.

Similar projects

Modules like Maintenance Allow IP or similar IP-whitelisting solutions exist. However, whitelisting IPs is often problematic and time-consuming when clients are on mobile networks, corporate VPNs, or dynamic IPs. Maintenance VIP solves this by using a token-based approach, making it much more flexible for non-technical users while keeping the site locked.

Supporting this Module

Feel free to open issues, feature requests, or provide patches in the project's issue queue.