Use-case
There are two scenarios under which you want to receive requests from us with a static IP or use Basic Auth protection:
- Private (staging / dev) environments that are not open to the public.
- CDNs that use Captchas that must be disabled for our service to work.
We recommend using IP whitelisting rather than Basic Auth where possible. Even if you are using Basic Auth to protect your sites it's still easier to setup, easier to maintain and more performant to add an exception for Basic Auth for our IPs than using Basic Auth on top of the regular Sync Core <> Site authentication Flow. Only use this in cases where you don't have the option to whitelist our IP addresses, e.g. because your hosting provider doesn't allow you to add exceptions.
Public IPs
Depending on the Sync Core region you are using, the following IP addresses must be whitelisted:
- Sync Core EU
- 63.34.184.33
- 63.35.18.137
- Sync Core US
- 3.222.171.239
- 34.205.151.183
To further increase security, we recommend to restrict access from those domains to our REST routes only, all starting with /rest/cms-content-sync
.
Basic Auth
If you can't exclude our IP addresses from Basic Auth you can also configure Content Sync to send Basic Auth headers to your sites on top of the default authorization that we use. But this requires specific steps to be taken per site and they have to be done in the order described below:
- Select Cookie as the authentication method for Content Sync in the Settings tab and hit Save.
- Completely disable the basic_auth module on your site.
- Clear the Drupal cache.
- Re-register the site.
- Visit the Site tab and follow the Re-register link, then hit Register and Continue.
- Open the Site tab and at Basic Auth protection select Edit and enter your Basic Auth credentials, then Save.
After switching this on be sure to run a test e.g. by pushing or pulling content at this site.