Security /Secure access to sites /

Secure access to sites

Customize how site visitors access your entire site, just parts of your site, or just preview environments of your site, such as Deploy Previews and branch deploys. Optimize site visitor access for gated content, site administration, protected early access to your site for QA, and more.

# Control site access with rate limiting or Firewall traffic rules

Set rate limit rules to enforce for your sites. Learn more about rate limiting.

Set Firewall Traffic Rules to control who can access your site based on their IP address or geographic location. Learn more about Firewall Traffic Rules.

Netlify applies Firewall traffic rules and rate limit rules to a site deploy before other site visitor access features that require login credentials. This means blocked site visitors will encounter an error page before encountering a password or login prompt.

Firewall traffic rules are also applied before any rate limit rules are applied.

# Require password or login credentials

The configuration options below allow you to require site visitors to enter a password or other login credentials before they can access your site.

  • Site Protection. Protect your entire site or just preview environments of your site with a password you control or by requiring site visitors to be Netlify team members and log in with their Netlify team credentials. Site Protection settings are built-in to the Netlify UI for quick adjustment. One of the password protection options was previously called site-wide password protection.
  • Netlify Identity service. Allows you to manage and authenticate users on your site or app, without requiring them to be users of Netlify or any other service. Optimized for gated content, site administration, and more.
  • Git Gateway. Connects your site to a Git provider’s API, allowing tools like a CMS to work with content, branches, and pull requests on your users’ behalf. This feature is in BETA.
  • OAuth provider tokens. Add authentication to your site using GitHub, GitLab, or Bitbucket and Netlify’s built-in support for OAuth2 integration.
  • Role-based access control with JWT. Customize granular access to your site, or to specific pages using JSON Web Tokens (JWT), custom roles you define, and redirect rules to grant access to those sections.
  • Basic authentication with custom HTTP headers. Configure basic authentication for your site to protect just one or more sections of your site using Netlify’s custom HTTP header support. Unlike the Site Protection password options, you can set multiple passwords for your site. Formerly called Selective password protection.

For more help figuring out the best option for your use case, check out the official Support guide Access control options for your Netlify sites.