Lovingly crafted by Selvin Ortiz for Craft CMS
Patrol simplifies maintenance and SSL for sites built with Craft
- Put your site on maintenance mode quickly and easily
- Force SSL globally or on specific pages with fine grain control
- Uses IP based authentication to bypass maintenance mode
- Allows IP based authentication even if behind CloudFlare
- Allows logged in admins to bypass maintenance mode
- Allows logged in users with proper permissions to bypass maintenance mode
- Fully configurable via environment configs
- Download the latest release
- Extract the archive and place
patrol
inside yourcraft/plugins
directory - Adjust file permissions as necessary
Patrol offers a pretty straight forward but fully featured UI to adjust settings as needed.
Additionally, you can fully configure Patrol via environment configs which will take priority.
You can configure Patrol and all of its settings from any environment definition. Here is an example of how you could go about setting that up...
// config/general.php
return array(
'*' => array(
'environmentVariables' => array()
),
'.dev' => array(
'patrol' => array(
'forceSsl' => false,
)
),
'.com' => array(
'patrol' => array(
'forceSsl' => true,
'restrictedAreas' => array(
'/{cpTrigger}',
'/members'
),
'maintenanceMode' => false,
'maintenanceUrl' => '/offline.html',
'authorizedIps' => array(
'127.0.0.1',
),
'enableCpTab' => false
'pluginAlias' => '',
)
)
);
- If no maintenance URL is set, Patrol will default to throwing a 403 HTTP error
- The Control Panel is accessible by logged in admins if maintenance mode is ON
- The Control Panel is accessible by users with proper permissions if maintenance mode is ON
- You can add their IP to the list of Authorized IPs
- You can give them permission (
Patrol > Access the site when maintenance is on
- Logged in users with admin privileges have full access by default
2. Will IP authentication work if my site is behind CloudFlare?
- Yes, CloudFlare provides the requesting IP via a header that Patrol understands
- Yes, but it's meant for internal use only to handle updates
Please note that these questions/answers only apply if you don't want to enable SSL everywhere for whatever reason. However, forcing SSL everywhere is now standard practice and it is what I would recommended you do.
- You can simply add the URL for it (/admin) or use
/{cpTrigger}
so that it works even if you change that setting later
- You can add something like
/members/login
to the Restricted Areas
- You can add the section URL
/members
and URLs on that scope will be protected as well
If you have questions, comments, or concerns feel free to reach out to me on twitter @selvinortiz
Patrol for craft is open source software licensed under the MIT License