Experimental project

This is a sandbox project, which contains experimental code for developer use only.

This module's functionality is available in the HTTP Cache Control module. Please use this module instead.

This is a really simple module that allows you to lockdown access to your site by only responding to requests that contain a valid secret inside a custom HTTP header.

The primary purpose of this is to lockdown access to Drupal for use with Web Application Firewalls (WAF). Since a WAF is to protect your site, it can only do so if traffic does not bypass it and so this module's design is to deny unauthorised requests.

This module does require some setup with the WAF to forward the shared secret header.

This is better than IP whitelisting

  • IP Whitelists are cumbersome to manage and don't scale well
  • Left unmaintained, IP whitelists can become security holes
  • IP whitelists can open up entire IP ranges (e.g. network offices) when only explicit users require access

Project information

  • caution Minimally maintained
    Maintainers monitor issues, but fast responses are not guaranteed.
  • caution Obsolete
    Use of this project is deprecated.
  • Module categories: Security
  • Created by Josh Waihi on , updated