SUMMARY

Version
Import config
Global config
Services config
File manager
Export config
Integrations

Delete service

Are you sure you want to delete service and related settings ?
This action can't be undone.

Professional services

We offer professional services related to BunkerWeb like consulting, support, custom development and partnership.

You can visit the BunkerWeb Panel or contact us to get more information.

Community

Be part of the BunkerWeb community !

CURRENT VERSION IS v1.5.6

Need another version ?

v1.5.6 v1.5.5 v1.5.4 testing v1.5.3 v1.5.2 v1.5.1 v1.5.0 v1.5.0-beta

IMPORT CONF.TXT FILE

Current config will be replace by the upload one

file

click or drag and drop

Info

Error! Impossible to read upload file.

Info

Success! Config is now imported.

Info

Loading! Currently setting import config.

GLOBAL CONFIG

filter global config

GENERAL

General config : HTTP, DNS, LOG, API...

1.5.6

nginx prefix

Where nginx will search for configurations.

NGINX_PREFIX

nginx prefix is invalid and must match this pattern: ^(\/[\-\w.\s]+)*\/$

HTTP port

HTTP port number which bunkerweb binds to.

HTTP_PORT

HTTP port is invalid and must match this pattern: ^\d+$

HTTPS port

HTTPS port number which bunkerweb binds to.

HTTPS_PORT

HTTPS port is invalid and must match this pattern: ^\d+$

Multisite

Multi site activation.

MULTISITE

Multisite is invalid and must match this pattern: ^(yes|no)$

Worker processes

Number of worker processes.

WORKER_PROCESSES

Worker processes is invalid and must match this pattern: ^(auto|\d+)$

Open files per worker

Maximum number of open files for worker processes.

WORKER_RLIMIT_NOFILE

Open files per worker is invalid and must match this pattern: ^\d+$

Connections per worker

Maximum number of connections per worker.

WORKER_CONNECTIONS

Connections per worker is invalid and must match this pattern: ^\d+$

Log format

The format to use for access logs.

LOG_FORMAT

Log format is invalid and must match this pattern: ^.*$

Log level

The level to use for error logs.

DNS resolvers

DNS addresses of resolvers to use.

DNS_RESOLVERS

DNS resolvers is invalid and must match this pattern: ^(?! )(( *[^ ]+)(?!.*\2))*$

Datastore memory size

Size of the internal datastore.

DATASTORE_MEMORY_SIZE

Datastore memory size is invalid and must match this pattern: ^\d+[kKmMgG]?$

Cachestore memory size

Size of the internal cachestore.

CACHESTORE_MEMORY_SIZE

Cachestore memory size is invalid and must match this pattern: ^\d+[kKmMgG]?$

Cachestore ipc memory size

Size of the internal cachestore (ipc).

CACHESTORE_IPC_MEMORY_SIZE

Cachestore ipc memory size is invalid and must match this pattern: ^\d+[kKmMgG]?$

Cachestore miss memory size

Size of the internal cachestore (miss).

CACHESTORE_MISS_MEMORY_SIZE

Cachestore miss memory size is invalid and must match this pattern: ^\d+[kKmMgG]?$

Cachestore locks memory size

Size of the internal cachestore (locks).

CACHESTORE_LOCKS_MEMORY_SIZE

Cachestore locks memory size is invalid and must match this pattern: ^\d+[kKmMgG]?$

Activate API

Activate the API to control BunkerWeb.

USE_API

Activate API is invalid and must match this pattern: ^(yes|no)$

API port number

Listen port number for the API.

API_HTTP_PORT

API port number is invalid and must match this pattern: ^\d+$

API listen IP

Listen IP address for the API.

API_LISTEN_IP

API listen IP is invalid and must match this pattern: ^.*$

API server name

Server name (virtual host) for the API.

API_SERVER_NAME

API server name is invalid and must match this pattern: ^[^ ]{1,255}$

API whitelist IP

List of IP/network allowed to contact the API.

API_WHITELIST_IP

API whitelist IP is invalid and must match this pattern: ^(?! )( *(((\b25[0-5]|\b2[0-4]\d|\b[01]?\d\d?)(\.(25[0-5]|2[0-4]\d|[01]?\d\d?)){3})(\/([1-2][0-9]?|3[0-2]?|[04-9]))?|(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]Z{0,4}){0,4}%[0-9a-zA-Z]+|::(ffff(:0{1,4})?:)?((25[0-5]|(2[0-4]|1?\d)?\d)\.){3}(25[0-5]|(2[0-4]|1?\d)?\d)|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1?\d)?\d)\.){3}(25[0-5]|(2[0-4]|1?\d)?\d))(\/(12[0-8]|1[01][0-9]|[0-9][0-9]?))?)(?!.*\D\2([^\d\/]|$)) *)*$

Use IPv6

Enable IPv6 connectivity.

USE_IPV6

Use IPv6 is invalid and must match this pattern: ^(yes|no)$

Timers log level

Log level for timers.

Antibot 1.0

Bot detection by using a challenge.

Auth basic 1.0

Enforce login before accessing a resource or the whole site using HTTP basic auth method.

Bad behavior 1.0

Ban IP generating too much 'bad' HTTP status code in a period of time.

Blacklist 1.0

Deny access based on internal and external IP/network/rDNS/ASN blacklists.

Blacklist IP/network URLs

List of URLs, separated with spaces, containing bad IP/network to block.

BLACKLIST_IP_URLS

Blacklist IP/network URLs is invalid and must match this pattern: ^( *((https?:\/\/|file:\/\/\/)[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)(?!.*\2(?!.)) *)*$

Blacklist reverse DNS URLs

List of URLs, separated with spaces, containing reverse DNS suffixes to block.

BLACKLIST_RDNS_URLS

Blacklist reverse DNS URLs is invalid and must match this pattern: ^( *((https?:\/\/|file:\/\/\/)[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)(?!.*\2(?!.)) *)*$

Blacklist ASN URLs

List of URLs, separated with spaces, containing ASN to block.

BLACKLIST_ASN_URLS

Blacklist ASN URLs is invalid and must match this pattern: ^( *((https?:\/\/|file:\/\/\/)[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)(?!.*\2(?!.)) *)*$

Blacklist User-Agent URLs

List of URLs, separated with spaces, containing bad User-Agent to block.

BLACKLIST_USER_AGENT_URLS

Blacklist User-Agent URLs is invalid and must match this pattern: ^( *((https?:\/\/|file:\/\/\/)[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)(?!.*\2(?!.)) *)*$

Blacklist URI URLs

List of URLs, separated with spaces, containing bad URI to block.

BLACKLIST_URI_URLS

Blacklist URI URLs is invalid and must match this pattern: ^( *((https?:\/\/|file:\/\/\/)[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)(?!.*\2(?!.)) *)*$

Blacklist ignore IP/network URLs

List of URLs, separated with spaces, containing IP/network to ignore in the blacklist.

BLACKLIST_IGNORE_IP_URLS

Blacklist ignore IP/network URLs is invalid and must match this pattern: ^( *((https?:\/\/|file:\/\/\/)[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)(?!.*\2(?!.)) *)*$

Blacklist ignore reverse DNS URLs

List of URLs, separated with spaces, containing reverse DNS suffixes to ignore in the blacklist.

BLACKLIST_IGNORE_RDNS_URLS

Blacklist ignore reverse DNS URLs is invalid and must match this pattern: ^( *((https?:\/\/|file:\/\/\/)[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)(?!.*\2(?!.)) *)*$

Blacklist ignore ASN URLs

List of URLs, separated with spaces, containing ASN to ignore in the blacklist.

BLACKLIST_IGNORE_ASN_URLS

Blacklist ignore ASN URLs is invalid and must match this pattern: ^( *((https?:\/\/|file:\/\/\/)[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)(?!.*\2(?!.)) *)*$

Blacklist ignore User-Agent URLs

List of URLs, separated with spaces, containing User-Agent to ignore in the blacklist.

BLACKLIST_IGNORE_USER_AGENT_URLS

Blacklist ignore User-Agent URLs is invalid and must match this pattern: ^( *((https?:\/\/|file:\/\/\/)[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)(?!.*\2(?!.)) *)*$

Blacklist ignore URI URLs

List of URLs, separated with spaces, containing URI to ignore in the blacklist.

BLACKLIST_IGNORE_URI_URLS

Blacklist ignore URI URLs is invalid and must match this pattern: ^( *((https?:\/\/|file:\/\/\/)[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)(?!.*\2(?!.)) *)*$

Brotli 1.0

Compress HTTP requests with the brotli algorithm.

BunkerNet 1.0

Share threat data with other BunkerWeb instances via BunkerNet.

BunkerNet server

Address of the BunkerNet API.

BUNKERNET_SERVER

BunkerNet server is invalid and must match this pattern: ^https?:\/\/[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*$

CORS 1.0

Cross-Origin Resource Sharing.

Client cache 1.0

Manage caching for clients.

Extensions that should be cached by the client

List of file extensions, separated with pipes that should be cached.

CLIENT_CACHE_EXTENSIONS

Extensions that should be cached by the client is invalid and must match this pattern: ^(?!\|)(\|?([a-z0-9]+)(?!.*\2(?!.)))+$

Country 1.0

Deny access based on the country of the client IP.

Custom HTTPS certificate 1.0

Choose custom certificate for HTTPS.

DB 1.0

Integrate easily the Database.

The database URI

The database URI, following the sqlalchemy format.

DATABASE_URI

The database URI is invalid and must match this pattern: ^(postgresql|mysql|mariadb|sqlite|oracle)(\+[\w\-]+)?:.+$

Database log level

The level to use for database logs.

Database log level is invalid and must match this pattern: ^(debug|info|warn|warning|error)$

Database select

The database to use that is gonna be included in the stack.

Database select is invalid and must match this pattern: ^(Sqlite|Mysql|Mariadb|Postgresql)$

Database password

The password of the database.

DATABASE_PASSWORD

Database password is invalid and must match this pattern: ^(.*)$

DNSBL 1.0

Deny access based on external DNSBL servers.

DNSBL list

List of DNSBL servers.

DNSBL_LIST

DNSBL list is invalid and must match this pattern: ^(?! )( ?((?!\.)[\w.]+)(?!.*\2(?!.)))*$

Errors 1.0

Manage default error pages

Greylist 1.0

Allow access while keeping security features based on internal and external IP/network/rDNS/ASN greylists.

Greylist IP/network URLs

List of URLs, separated with spaces, containing good IP/network to put into the greylist.

GREYLIST_IP_URLS

Greylist IP/network URLs is invalid and must match this pattern: ^( *((https?:\/\/|file:\/\/\/)[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)(?!.*\2(?!.)) *)*$

Greylist reverse DNS URLs

List of URLs, separated with spaces, containing reverse DNS suffixes to put into the greylist.

GREYLIST_RDNS_URLS

Greylist reverse DNS URLs is invalid and must match this pattern: ^( *((https?:\/\/|file:\/\/\/)[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)(?!.*\2(?!.)) *)*$

Greylist ASN URLs

List of URLs, separated with spaces, containing ASN to put into the greylist.

GREYLIST_ASN_URLS

Greylist ASN URLs is invalid and must match this pattern: ^( *((https?:\/\/|file:\/\/\/)[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)(?!.*\2(?!.)) *)*$

Greylist User-Agent URLs

List of URLs, separated with spaces, containing good User-Agent to put into the greylist.

GREYLIST_USER_AGENT_URLS

Greylist User-Agent URLs is invalid and must match this pattern: ^( *((https?:\/\/|file:\/\/\/)[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)(?!.*\2(?!.)) *)*$

Greylist URI URLs

List of URLs, separated with spaces, containing bad URI to put into the greylist.

GREYLIST_URI_URLS

Greylist URI URLs is invalid and must match this pattern: ^( *((https?:\/\/|file:\/\/\/)[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)(?!.*\2(?!.)) *)*$

Gzip 1.0

Compress HTTP requests with the gzip algorithm.

HTML injection 1.0

Inject custom HTML code before the </body> tag.

Headers 1.0

Manage HTTP headers sent to clients.

Jobs 1.0

Fake core plugin for internal jobs.

Let's Encrypt 1.0

Automatic creation, renewal and configuration of Let's Encrypt certificates.

Limit 1.0

Limit maximum number of requests and connections.

Metrics 1.0

Metrics collection and retrieve.

Metrics memory size

Size of the internal storage for metrics.

METRICS_MEMORY_SIZE

Metrics memory size is invalid and must match this pattern: ^\d+[kKmMgG]?$

Metrics max blocked requests

Maximum number of blocked requests to store (per worker).

METRICS_MAX_BLOCKED_REQUESTS

Metrics max blocked requests is invalid and must match this pattern: ^\d+$

Miscellaneous 1.0

Miscellaneous settings.

Disable default server

Close connection if the request vhost is unknown.

DISABLE_DEFAULT_SERVER

Disable default server is invalid and must match this pattern: ^(yes|no)$

External plugin URLs

List of external plugins URLs (direct download to .zip or .tar file) to download and install (URLs are separated with space).

EXTERNAL_PLUGIN_URLS

External plugin URLs is invalid and must match this pattern: ^( *((https?:\/\/|file:\/\/\/)[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)(?!.*\2(?!.)) *)*$

Deny HTTP status

HTTP status code to send when the request is denied (403 or 444). When using 444, BunkerWeb will close the connection.

Deny HTTP status is invalid and must match this pattern: ^(403|444)$

Send anonymous report

Send anonymous report to BunkerWeb maintainers.

SEND_ANONYMOUS_REPORT

Send anonymous report is invalid and must match this pattern: ^(yes|no)$

ModSecurity 1.0

Management of the ModSecurity WAF.

PHP 1.0

Manage local or remote PHP-FPM.

Pro 1.0

Pro settings for the Pro version of BunkerWeb.

Pro License Key

The License Key for the Pro version of BunkerWeb.

PRO_LICENSE_KEY

Pro License Key is invalid and must match this pattern: ^.*$

Real IP 1.0

Get real IP of clients when BunkerWeb is behind a reverse proxy / load balancer.

Real IP from URLs

List of URLs containing trusted IPs / networks, separated with spaces, where proxied requests come from.

REAL_IP_FROM_URLS

Real IP from URLs is invalid and must match this pattern: ^( *((https?:\/\/|file:\/\/\/)[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)(?!.*\2(?!.)) *)*$

Redirect 1.0

Manage HTTP redirects.

Redis 1.0

Redis server configuration when using BunkerWeb in cluster mode.

Activate Redis

Activate Redis.

USE_REDIS

Activate Redis is invalid and must match this pattern: ^(yes|no)$

Redis server

Redis server IP or hostname.

REDIS_HOST

Redis server is invalid and must match this pattern: ^((?!-)[a-zA-Z0-9\-]{1,63}(.[a-zA-Z]{2,})+|(\b25[0-5]|\b2[0-4]\d|\b[01]?\d\d?)(\.(25[0-5]|2[0-4]\d|[01]?\d\d?)){3}|(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]Z{0,4}){0,4}%[0-9a-zA-Z]+|::(ffff(:0{1,4})?:)?((25[0-5]|(2[0-4]|1?\d)?\d)\.){3}(25[0-5]|(2[0-4]|1?\d)?\d)|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1?\d)?\d)\.){3}(25[0-5]|(2[0-4]|1?\d)?\d)))?$

Redis port

Redis server port.

REDIS_PORT

Redis port is invalid and must match this pattern: ^[0-9]+$

Redis database

Redis database number.

REDIS_DATABASE

Redis database is invalid and must match this pattern: ^[0-9]+$

Redis SSL/TLS

Use SSL/TLS connection with Redis server.

REDIS_SSL

Redis SSL/TLS is invalid and must match this pattern: ^(yes|no)$

Redis SSL/TLS verify

Verify the certificate of Redis server.

REDIS_SSL_VERIFY

Redis SSL/TLS verify is invalid and must match this pattern: ^(yes|no)$

Redis timeout (ms)

Redis server timeout (in ms) for connect, read and write.

REDIS_TIMEOUT

Redis timeout (ms) is invalid and must match this pattern: ^[0-9]+$

Redis keepalive idle (ms)

Max idle time (in ms) before closing redis connection in the pool.

REDIS_KEEPALIVE_IDLE

Redis keepalive idle (ms) is invalid and must match this pattern: ^[0-9]+$

Redis keepalive pool

Max number of redis connection(s) kept in the pool.

REDIS_KEEPALIVE_POOL

Redis keepalive pool is invalid and must match this pattern: ^[0-9]+$

Redis username

Redis username used in AUTH command.

REDIS_USERNAME

Redis username is invalid and must match this pattern: ^.*$

Redis password

Redis password used in AUTH command.

REDIS_PASSWORD

Redis password is invalid and must match this pattern: ^.*$

Redis sentinel hosts

Redis sentinel hosts with format host:[port] separated with spaces.

REDIS_SENTINEL_HOSTS

Redis sentinel hosts is invalid and must match this pattern: ^.*$

Redis sentinel username

Redis sentinel username.

REDIS_SENTINEL_USERNAME

Redis sentinel username is invalid and must match this pattern: ^.*$

Redis sentinel password

Redis sentinel password.

REDIS_SENTINEL_PASSWORD

Redis sentinel password is invalid and must match this pattern: ^.*$

Redis sentinel master

Redis sentinel master name.

REDIS_SENTINEL_MASTER

Redis sentinel master is invalid and must match this pattern: ^.*$

Reverse proxy 1.0

Manage reverse proxy configurations.

Hierarchy levels

Hierarchy levels of the cache.

PROXY_CACHE_PATH_LEVELS

Hierarchy levels is invalid and must match this pattern: ^(:?[12]){1,3}$

Reverse proxy cache zone size

Maximum size of cached metadata when caching proxied resources.

PROXY_CACHE_PATH_ZONE_SIZE

Reverse proxy cache zone size is invalid and must match this pattern: ^\d+[kKmMgG]?$

Reverse proxy cache params

Additional parameters to add to the proxy_cache directive.

PROXY_CACHE_PATH_PARAMS

Reverse proxy cache params is invalid and must match this pattern: ^.*$

Reverse scan 1.0

Scan clients ports to detect proxies or servers.

Self-signed certificate 1.0

Generate self-signed certificate.

Sessions 1.0

Management of session used by other plugins.

Sessions secret

Secret used to encrypt sessions variables for storing data related to challenges.

SESSIONS_SECRET

Sessions secret is invalid and must match this pattern: ^\w+$

Sessions name

Name of the cookie given to clients.

SESSIONS_NAME

Sessions name is invalid and must match this pattern: ^\w+$

Sessions idling timeout

Maximum time (in seconds) of inactivity before the session is invalidated.

SESSIONS_IDLING_TIMEOUT

Sessions idling timeout is invalid and must match this pattern: ^\d+$

Sessions rolling timeout

Maximum time (in seconds) before a session must be renewed.

SESSIONS_ROLLING_TIMEOUT

Sessions rolling timeout is invalid and must match this pattern: ^\d+$

Sessions absolute timeout

Maximum time (in seconds) before a session is destroyed.

SESSIONS_ABSOLUTE_TIMEOUT

Sessions absolute timeout is invalid and must match this pattern: ^\d+$

Sessions check IP

Destroy session if IP address is different than original one.

SESSIONS_CHECK_IP

Sessions check IP is invalid and must match this pattern: ^(yes|no)$

Sessions check User-Agent

Destroy session if User-Agent is different than original one.

SESSIONS_CHECK_USER_AGENT

Sessions check User-Agent is invalid and must match this pattern: ^(yes|no)$

UI 1.0

Integrate easily the BunkerWeb UI.

UI host

Address of the web UI used for initial setup

UI_HOST

UI host is invalid and must match this pattern: ^.*$

Whitelist 1.0

Allow access based on internal and external IP/network/rDNS/ASN whitelists.

Whitelist IP/network URLs

List of URLs, separated with spaces, containing good IP/network to whitelist.

WHITELIST_IP_URLS

Whitelist IP/network URLs is invalid and must match this pattern: ^( *((https?:\/\/|file:\/\/\/)[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)(?!.*\2(?!.)) *)*$

Whitelist reverse DNS URLs

List of URLs, separated with spaces, containing reverse DNS suffixes to whitelist.

WHITELIST_RDNS_URLS

Whitelist reverse DNS URLs is invalid and must match this pattern: ^( *((https?:\/\/|file:\/\/\/)[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)(?!.*\2(?!.)) *)*$

Whitelist ASN URLs

List of URLs, separated with spaces, containing ASN to whitelist.

WHITELIST_ASN_URLS

Whitelist ASN URLs is invalid and must match this pattern: ^( *((https?:\/\/|file:\/\/\/)[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)(?!.*\2(?!.)) *)*$

Whitelist User-Agent URLs

List of URLs, separated with spaces, containing good User-Agent to whitelist.

WHITELIST_USER_AGENT_URLS

Whitelist User-Agent URLs is invalid and must match this pattern: ^( *((https?:\/\/|file:\/\/\/)[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)(?!.*\2(?!.)) *)*$

Whitelist URI URLs

List of URLs, separated with spaces, containing bad URI to whitelist.

WHITELIST_URI_URLS

Whitelist URI URLs is invalid and must match this pattern: ^( *((https?:\/\/|file:\/\/\/)[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)(?!.*\2(?!.)) *)*$

SERVICE CONFIG

search services filter plugins

Name 0.1

The name for the server

Server name

List of the virtual hosts served by bunkerWeb.

SERVER_NAME

Info

Duplicate name
if name is already taken or empty, default or random valid name will be set. (visible on tab)

Server name is invalid and must match this pattern: .*

Antibot 1.0

Bot detection by using a challenge.

Antibot challenge

Activate antibot feature.

Antibot URL

Unused URI that clients will be redirected to to solve the challenge.

ANTIBOT_URI

Antibot URL is invalid and must match this pattern: ^\/[\w\].~:\/?#\[@!$\&'*+,;=\-]*$

reCAPTCHA score

Minimum score required for reCAPTCHA challenge.

ANTIBOT_RECAPTCHA_SCORE

reCAPTCHA score is invalid and must match this pattern: ^(0\.[1-9]|1\.0)$

reCAPTCHA sitekey

Sitekey for reCAPTCHA challenge.

ANTIBOT_RECAPTCHA_SITEKEY

reCAPTCHA sitekey is invalid and must match this pattern: ^[\w\-]*$

reCAPTCHA secret

Secret for reCAPTCHA challenge.

ANTIBOT_RECAPTCHA_SECRET

reCAPTCHA secret is invalid and must match this pattern: ^[\w\-]*$

hCaptcha sitekey

Sitekey for hCaptcha challenge.

ANTIBOT_HCAPTCHA_SITEKEY

hCaptcha sitekey is invalid and must match this pattern: ^[a-zA-Z0-9\-]*$

hCaptcha secret

Secret for hCaptcha challenge.

ANTIBOT_HCAPTCHA_SECRET

hCaptcha secret is invalid and must match this pattern: ^\w*$

Turnstile sitekey

Sitekey for Turnstile challenge.

ANTIBOT_TURNSTILE_SITEKEY

Turnstile sitekey is invalid and must match this pattern: ^(0x[\w\-]+)?$

Turnstile secret

Secret for Turnstile challenge.

ANTIBOT_TURNSTILE_SECRET

Turnstile secret is invalid and must match this pattern: ^(0x[\w\-]+)?$

Time to resolve

Maximum time (in seconds) clients have to resolve the challenge. Once this time has passed, a new challenge will be generated.

ANTIBOT_TIME_RESOLVE

Time to resolve is invalid and must match this pattern: ^[0-9]+$

Time valid

Maximum validity time of solved challenges. Once this time has passed, clients will need to resolve a new one.

ANTIBOT_TIME_VALID

Time valid is invalid and must match this pattern: ^[0-9]+$

Auth basic 1.0

Enforce login before accessing a resource or the whole site using HTTP basic auth method.

Use HTTP basic auth

USE_AUTH_BASIC

Use HTTP basic auth is invalid and must match this pattern: ^(yes|no)$

Auth basic Location

URL of the protected resource or sitewide value.

AUTH_BASIC_LOCATION

Auth basic Location is invalid and must match this pattern: ^(sitewide|/[a-zA-Z0-9.\/\-]*)$

Auth basic Username

Username

AUTH_BASIC_USER

Auth basic Username is invalid and must match this pattern: ^[\w\-]+

Password

AUTH_BASIC_PASSWORD

Password is invalid and must match this pattern: ^.+

Text

Text to display

AUTH_BASIC_TEXT

Text is invalid and must match this pattern: ^.+

Bad behavior 1.0

Ban IP generating too much 'bad' HTTP status code in a period of time.

Activate bad behavior

Activate Bad behavior feature.

USE_BAD_BEHAVIOR

Activate bad behavior is invalid and must match this pattern: ^(yes|no)$

Bad status codes

List of HTTP status codes considered as 'bad'.

BAD_BEHAVIOR_STATUS_CODES

Bad status codes is invalid and must match this pattern: ^( *([1-5]\d{2})(?!.*\2) *)+$

Ban duration (in seconds)

The duration time (in seconds) of a ban when the corresponding IP has reached the threshold.

BAD_BEHAVIOR_BAN_TIME

Ban duration (in seconds) is invalid and must match this pattern: ^\d+

Threshold

Maximum number of 'bad' HTTP status codes within the period of time before IP is banned.

BAD_BEHAVIOR_THRESHOLD

Threshold is invalid and must match this pattern: ^[1-9][0-9]*

Period (in seconds)

Period of time (in seconds) during which we count 'bad' HTTP status codes.

BAD_BEHAVIOR_COUNT_TIME

Period (in seconds) is invalid and must match this pattern: ^\d+

Blacklist 1.0

Deny access based on internal and external IP/network/rDNS/ASN blacklists.

Activate blacklisting

Activate blacklist feature.

USE_BLACKLIST

Activate blacklisting is invalid and must match this pattern: ^(yes|no)$

Blacklist IP/network

List of IP/network, separated with spaces, to block.

BLACKLIST_IP

Blacklist IP/network is invalid and must match this pattern: ^(?! )( *(((\b25[0-5]|\b2[0-4]\d|\b[01]?\d\d?)(\.(25[0-5]|2[0-4]\d|[01]?\d\d?)){3})(\/([1-2][0-9]?|3[0-2]?|[04-9]))?|(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]Z{0,4}){0,4}%[0-9a-zA-Z]+|::(ffff(:0{1,4})?:)?((25[0-5]|(2[0-4]|1?\d)?\d)\.){3}(25[0-5]|(2[0-4]|1?\d)?\d)|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1?\d)?\d)\.){3}(25[0-5]|(2[0-4]|1?\d)?\d))(\/(12[0-8]|1[01][0-9]|[0-9][0-9]?))?)(?!.*\D\2([^\d\/]|$)) *)*$

Blacklist reverse DNS global IPs

Only perform RDNS blacklist checks on global IP addresses.

BLACKLIST_RDNS_GLOBAL

Blacklist reverse DNS global IPs is invalid and must match this pattern: ^(yes|no)$

Blacklist reverse DNS

List of reverse DNS suffixes, separated with spaces, to block.

BLACKLIST_RDNS

Blacklist reverse DNS is invalid and must match this pattern: ^( *(([^ ]+)(?!.*\3( |$))) *)*$

Blacklist ASN

List of ASN numbers, separated with spaces, to block.

BLACKLIST_ASN

Blacklist ASN is invalid and must match this pattern: ^^( *((ASN?)?(\d+)\b(?!.*[SN ]\4\b)) *)*$

Blacklist User-Agent

List of User-Agent (PCRE regex), separated with spaces, to block.

BLACKLIST_USER_AGENT

Blacklist User-Agent is invalid and must match this pattern: ^.*$

Blacklist URI

List of URI (PCRE regex), separated with spaces, to block.

BLACKLIST_URI

Blacklist URI is invalid and must match this pattern: ^( *(.*)(?!.*\2(?!.)) *)*$

Blacklist ignore IP/network

List of IP/network, separated with spaces, to ignore in the blacklist.

BLACKLIST_IGNORE_IP

Blacklist ignore IP/network is invalid and must match this pattern: ^(?! )( *(((\b25[0-5]|\b2[0-4]\d|\b[01]?\d\d?)(\.(25[0-5]|2[0-4]\d|[01]?\d\d?)){3})(\/([1-2][0-9]?|3[0-2]?|[04-9]))?|(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]Z{0,4}){0,4}%[0-9a-zA-Z]+|::(ffff(:0{1,4})?:)?((25[0-5]|(2[0-4]|1?\d)?\d)\.){3}(25[0-5]|(2[0-4]|1?\d)?\d)|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1?\d)?\d)\.){3}(25[0-5]|(2[0-4]|1?\d)?\d))(\/(12[0-8]|1[01][0-9]|[0-9][0-9]?))?)(?!.*\D\2([^\d\/]|$)) *)*$

Blacklist ignore reverse DNS

List of reverse DNS suffixes, separated with spaces, to ignore in the blacklist.

BLACKLIST_IGNORE_RDNS

Blacklist ignore reverse DNS is invalid and must match this pattern: ^( *(([^ ]+)(?!.*\3( |$))) *)*$

Blacklist ignore ASN

List of ASN numbers, separated with spaces, to ignore in the blacklist.

BLACKLIST_IGNORE_ASN

Blacklist ignore ASN is invalid and must match this pattern: ^^( *((ASN?)?(\d+)\b(?!.*[SN ]\4\b)) *)*$

Blacklist ignore User-Agent

List of User-Agent (PCRE regex), separated with spaces, to ignore in the blacklist.

BLACKLIST_IGNORE_USER_AGENT

Blacklist ignore User-Agent is invalid and must match this pattern: ^.*$

Blacklist ignore URI

List of URI (PCRE regex), separated with spaces, to ignore in the blacklist.

BLACKLIST_IGNORE_URI

Blacklist ignore URI is invalid and must match this pattern: ^( *(.*)(?!.*\2(?!.)) *)*$

Brotli 1.0

Compress HTTP requests with the brotli algorithm.

Use brotli

USE_BROTLI

Use brotli is invalid and must match this pattern: ^(yes|no)$

MIME types

List of MIME types that will be compressed with brotli.

BROTLI_TYPES

MIME types is invalid and must match this pattern: ^(?! )( ?([\-\w.]+/[\-\w.+]+)(?!.*\2(?!.)))+$

Minimum length

Minimum length for brotli compression.

BROTLI_MIN_LENGTH

Minimum length is invalid and must match this pattern: ^\d+

Compression level

The compression level of the brotli algorithm.

Compression level is invalid and must match this pattern: ^([02-9]|1[01]?)$

BunkerNet 1.0

Share threat data with other BunkerWeb instances via BunkerNet.

Activate BunkerNet

Activate BunkerNet feature.

USE_BUNKERNET

Activate BunkerNet is invalid and must match this pattern: ^(yes|no)$

CORS 1.0

Cross-Origin Resource Sharing.

Use CORS

USE_CORS

Use CORS is invalid and must match this pattern: ^(yes|no)$

Allowed origins

Allowed origins to make CORS requests : PCRE regex or *.

CORS_ALLOW_ORIGIN

Allowed origins is invalid and must match this pattern: ^.*$

Access-Control-Expose-Headers value

Value of the Access-Control-Expose-Headers header.

CORS_EXPOSE_HEADERS

Access-Control-Expose-Headers value is invalid and must match this pattern: ^(\*|(?![, ]+)(,? ?([\w\-]+)(?!.*\3(?!.)))*)?$

Cross-Origin-Opener-Policy

Value for the Cross-Origin-Opener-Policy header.

Cross-Origin-Opener-Policy is invalid and must match this pattern: ^(unsafe-none|same-origin-allow-popups|same-origin)?$

Cross-Origin-Embedder-Policy

Value for the Cross-Origin-Embedder-Policy header.

Cross-Origin-Embedder-Policy is invalid and must match this pattern: ^(unsafe-none|require-corp|credentialless)?$

Cross-Origin-Resource-Policy

Value for the Cross-Origin-Resource-Policy header.

Cross-Origin-Resource-Policy is invalid and must match this pattern: ^(same-site|same-origin|cross-origin)?$

Access-Control-Max-Age value

Value of the Access-Control-Max-Age header.

CORS_MAX_AGE

Access-Control-Max-Age value is invalid and must match this pattern: ^\d+$

Send Access-Control-Allow-Credentials

Send the Access-Control-Allow-Credentials header.

CORS_ALLOW_CREDENTIALS

Send Access-Control-Allow-Credentials is invalid and must match this pattern: ^(yes|no)$

Access-Control-Allow-Methods value

Value of the Access-Control-Allow-Methods header.

CORS_ALLOW_METHODS

Access-Control-Allow-Headers value

Value of the Access-Control-Allow-Headers header.

CORS_ALLOW_HEADERS

Access-Control-Allow-Headers value is invalid and must match this pattern: ^(\*|(?![, ])(,? ?([\w\-]+)(?!.*\3(?!.)))*)?$

Deny request

Deny request and don't send it to backend if Origin is not allowed.

CORS_DENY_REQUEST

Deny request is invalid and must match this pattern: ^(yes|no)$

Client cache 1.0

Manage caching for clients.

Use client cache

Tell client to store locally static files.

USE_CLIENT_CACHE

Use client cache is invalid and must match this pattern: ^(yes|no)$

ETag

Send the HTTP ETag header for static resources.

CLIENT_CACHE_ETAG

ETag is invalid and must match this pattern: ^(yes|no)$

Cache-Control header

Value of the Cache-Control HTTP header.

CLIENT_CACHE_CONTROL

Country 1.0

Deny access based on the country of the client IP.

Country blacklist

Deny access if the country of the client is in the list (ISO 3166-1 alpha-2 format separated with spaces).

BLACKLIST_COUNTRY

Country blacklist is invalid and must match this pattern: ^(?! )( *([A-Z]{2})(?!.*\2) *)*$

Country whitelist

Deny access if the country of the client is not in the list (ISO 3166-1 alpha-2 format separated with spaces).

WHITELIST_COUNTRY

Country whitelist is invalid and must match this pattern: ^(?! )( *([A-Z]{2})(?!.*\2) *)*$

Custom HTTPS certificate 1.0

Choose custom certificate for HTTPS.

Use custom certificate

Use custom HTTPS certificate.

USE_CUSTOM_SSL

Use custom certificate is invalid and must match this pattern: ^(yes|no)$

Certificate path

Full path of the certificate or bundle file (must be readable by the scheduler).

CUSTOM_SSL_CERT

Certificate path is invalid and must match this pattern: ^(/[\w. \-]+)*/?$

Key path

Full path of the key file (must be readable by the scheduler).

CUSTOM_SSL_KEY

Key path is invalid and must match this pattern: ^(/[\w. \-]+)*/?$

Certificate data (base64)

Certificate data encoded in base64.

CUSTOM_SSL_CERT_DATA

Certificate data (base64) is invalid and must match this pattern: ^.*$

Key data (base64)

Key data encoded in base64.

CUSTOM_SSL_KEY_DATA

Key data (base64) is invalid and must match this pattern: ^.*$

DB 1.0

Integrate easily the Database.

DNSBL 1.0

Deny access based on external DNSBL servers.

Activate DNSBL

Activate DNSBL feature.

USE_DNSBL

Activate DNSBL is invalid and must match this pattern: ^(yes|no)$

Errors 1.0

Manage default error pages

Errors

List of HTTP error code and corresponding error pages, separated with spaces (404=/my404.html 403=/errors/403.html ...).

ERRORS

Errors is invalid and must match this pattern: ^(?! )( ?([1-5]\d{2})(?!.*\2(?![^=]))=(\/[\w\].~:\/?#\[@!$\&'*+,;=\-]*)(?!.*\3(?!.)))*$

Intercepted error codes

List of HTTP error code intercepted by BunkerWeb

INTERCEPTED_ERROR_CODES

Intercepted error codes is invalid and must match this pattern: ^( *([1-5]\d{2})(?!.*\2) *)+$

Greylist 1.0

Allow access while keeping security features based on internal and external IP/network/rDNS/ASN greylists.

Activate greylisting

Activate greylist feature.

USE_GREYLIST

Activate greylisting is invalid and must match this pattern: ^(yes|no)$

Greylist IP/network

List of IP/network, separated with spaces, to put into the greylist.

GREYLIST_IP

Greylist IP/network is invalid and must match this pattern: ^(?! )( *(((\b25[0-5]|\b2[0-4]\d|\b[01]?\d\d?)(\.(25[0-5]|2[0-4]\d|[01]?\d\d?)){3})(\/([1-2][0-9]?|3[0-2]?|[04-9]))?|(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]Z{0,4}){0,4}%[0-9a-zA-Z]+|::(ffff(:0{1,4})?:)?((25[0-5]|(2[0-4]|1?\d)?\d)\.){3}(25[0-5]|(2[0-4]|1?\d)?\d)|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1?\d)?\d)\.){3}(25[0-5]|(2[0-4]|1?\d)?\d))(\/(12[0-8]|1[01][0-9]|[0-9][0-9]?))?)(?!.*\D\2([^\d\/]|$)) *)*$

Greylist reverse DNS global IPs

Only perform RDNS greylist checks on global IP addresses.

GREYLIST_RDNS_GLOBAL

Greylist reverse DNS global IPs is invalid and must match this pattern: ^(yes|no)$

Greylist reverse DNS

List of reverse DNS suffixes, separated with spaces, to put into the greylist.

GREYLIST_RDNS

Greylist reverse DNS is invalid and must match this pattern: ^( *(([^ ]+)(?!.*\3( |$))) *)*$

Greylist ASN

List of ASN numbers, separated with spaces, to put into the greylist.

GREYLIST_ASN

Greylist ASN is invalid and must match this pattern: ^^( *((ASN?)?(\d+)\b(?!.*[SN ]\4\b)) *)*$

Greylist User-Agent

List of User-Agent (PCRE regex), separated with spaces, to put into the greylist.

GREYLIST_USER_AGENT

Greylist User-Agent is invalid and must match this pattern: ^.*$

Greylist URI

List of URI (PCRE regex), separated with spaces, to put into the greylist.

GREYLIST_URI

Greylist URI is invalid and must match this pattern: ^.*$

Gzip 1.0

Compress HTTP requests with the gzip algorithm.

Use gzip

USE_GZIP

Use gzip is invalid and must match this pattern: ^(yes|no)$

MIME types

List of MIME types that will be compressed with gzip.

GZIP_TYPES

MIME types is invalid and must match this pattern: ^(?! )( ?([\-\w.]+/[\-\w.+]+)(?!.*\2(?!.)))+$

Minimum length

Minimum length for gzip compression.

GZIP_MIN_LENGTH

Minimum length is invalid and must match this pattern: ^\d+$

Compression level

The compression level of the gzip algorithm.

Compression level is invalid and must match this pattern: ^[1-9]$

HTML injection 1.0

Inject custom HTML code before the </body> tag.

HTML code

The HTML code to inject.

INJECT_BODY

HTML code is invalid and must match this pattern: ^.*$

Headers 1.0

Manage HTTP headers sent to clients.

Remove headers

Headers to remove (Header1 Header2 Header3 ...)

REMOVE_HEADERS

Remove headers is invalid and must match this pattern: ^(?! )( ?[\w\-]+)*$

Keep upstream headers

Headers to keep from upstream (Header1 Header2 Header3 ... or * for all).

KEEP_UPSTREAM_HEADERS

Keep upstream headers is invalid and must match this pattern: ^((?! )( ?[\w\-]+)+|\*)?$

Strict-Transport-Security

Value for the Strict-Transport-Security header.

STRICT_TRANSPORT_SECURITY

Strict-Transport-Security is invalid and must match this pattern: ^max-age=\d+(; includeSubDomains(; preload)?)?$

Cookie auto Secure flag

Automatically add the Secure flag to all cookies.

COOKIE_AUTO_SECURE_FLAG

Cookie auto Secure flag is invalid and must match this pattern: ^(yes|no)$

Content-Security-Policy

Value for the Content-Security-Policy header.

CONTENT_SECURITY_POLICY

Content-Security-Policy is invalid and must match this pattern: ^.*$

Content-Security-Policy-Report-Only

Send reports for violations of the Content-Security-Policy header instead of blocking them.

CONTENT_SECURITY_POLICY_REPORT_ONLY

Content-Security-Policy-Report-Only is invalid and must match this pattern: ^(yes|no)$

Referrer-Policy

Value for the Referrer-Policy header.

REFERRER_POLICY

Permissions-Policy

Value for the Permissions-Policy header.

PERMISSIONS_POLICY

Permissions-Policy is invalid and must match this pattern: ^(?![, ])(,? ?([a-z\-]+)(?!.*[^\-]\2=)=(\*|$( ?(self|\u0022https?:\/\/[\-\w@:%.+~#=]+[\-\w\($!@:%+.~#?&\/=$]*\u0022)(?=[ \)]))*\)))*$

Feature-Policy

Value for the Feature-Policy header.

FEATURE_POLICY

X-Frame-Options

Value for the X-Frame-Options header.

X-Frame-Options is invalid and must match this pattern: ^(DENY|SAMEORIGIN)?$

X-Content-Type-Options

Value for the X-Content-Type-Options header.

X-Content-Type-Options is invalid and must match this pattern: ^(nosniff)?$

X-XSS-Protection

Value for the X-XSS-Protection header.

X_XSS_PROTECTION

X-XSS-Protection is invalid and must match this pattern: ^0|1(; (mode=block|report=https?:\/\/[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*))?$

custom-headers

Custom header (HeaderName: HeaderValue)

Custom header to add (HeaderName: HeaderValue).

CUSTOM_HEADER

Custom header (HeaderName: HeaderValue) is invalid and must match this pattern: ^([\w\-]+: .+)?$

cookie-flags

Cookie flags

Cookie flags automatically added to all cookies (value accepted for nginx_cookie_flag_module).

COOKIE_FLAGS

Cookie flags is invalid and must match this pattern: ^(\*|[^;]+)( (HttpOnly|(SameSite)(?!.*\4)(=(Lax|Strict))?)(?!.*\3))*$

Jobs 1.0

Fake core plugin for internal jobs.

Let's Encrypt 1.0

Automatic creation, renewal and configuration of Let's Encrypt certificates.

Automatic Let's Encrypt

Activate automatic Let's Encrypt mode.

AUTO_LETS_ENCRYPT

Automatic Let's Encrypt is invalid and must match this pattern: ^(yes|no)$

Email Let's Encrypt

Email used for Let's Encrypt notification and in certificate.

EMAIL_LETS_ENCRYPT

Email Let's Encrypt is invalid and must match this pattern: ^([^@ \t\r\n]+@[^@ \t\r\n]+\.[^@ \t\r\n]+)?$

Use Let's Encrypt Staging

Use the staging environment for Let’s Encrypt certificate generation. Useful when you are testing your deployments to avoid being rate limited in the production environment.

USE_LETS_ENCRYPT_STAGING

Use Let's Encrypt Staging is invalid and must match this pattern: ^(yes|no)$

Limit 1.0

Limit maximum number of requests and connections.

Activate limit requests

Activate limit requests feature.

USE_LIMIT_REQ

Activate limit requests is invalid and must match this pattern: ^(yes|no)$

Activate limit connections

Activate limit connections feature.

USE_LIMIT_CONN

Activate limit connections is invalid and must match this pattern: ^(yes|no)$

Maximum number of HTTP/1.X connections

Maximum number of connections per IP when using HTTP/1.X protocol.

LIMIT_CONN_MAX_HTTP1

Maximum number of HTTP/1.X connections is invalid and must match this pattern: ^\d+$

Maximum number of HTTP/2 streams

Maximum number of streams per IP when using HTTP/2 protocol.

LIMIT_CONN_MAX_HTTP2

Maximum number of HTTP/2 streams is invalid and must match this pattern: ^\d+$

Maximum number of stream connections

Maximum number of connections per IP when using stream.

LIMIT_CONN_MAX_STREAM

Maximum number of stream connections is invalid and must match this pattern: ^\d+$

limit-req

Limit request URL

URL (PCRE regex) where the limit request will be applied or special value / for all requests.

LIMIT_REQ_URL

Limit request URL is invalid and must match this pattern: ^.+$

Limit request Rate

Rate to apply to the URL (s for second, m for minute, h for hour and d for day).

LIMIT_REQ_RATE

Limit request Rate is invalid and must match this pattern: ^\d+r/[smhd]$

Metrics 1.0

Metrics collection and retrieve.

Use metrics

Enable collection and retrieval of internal metrics.

USE_METRICS

Use metrics is invalid and must match this pattern: ^(yes|no)$

Miscellaneous 1.0

Miscellaneous settings.

Redirect HTTP to HTTPS

Redirect all HTTP request to HTTPS.

REDIRECT_HTTP_TO_HTTPS

Redirect HTTP to HTTPS is invalid and must match this pattern: ^(yes|no)$

Auto redirect HTTP to HTTPS

Try to detect if HTTPS is used and activate HTTP to HTTPS redirection if that's the case.

AUTO_REDIRECT_HTTP_TO_HTTPS

Auto redirect HTTP to HTTPS is invalid and must match this pattern: ^(yes|no)$

Allowed methods

Allowed HTTP and WebDAV methods, separated with pipes to be sent by clients.

ALLOWED_METHODS

Allowed methods is invalid and must match this pattern: ^(?!\|)(\|?([A-Z]{3,})(?!.*(^|\|)\2))+$

Maximum body size

Maximum body size (0 for infinite).

MAX_CLIENT_SIZE

Maximum body size is invalid and must match this pattern: ^\d+[kKmMgG]?$

Serve files

Serve files from the local folder.

SERVE_FILES

Serve files is invalid and must match this pattern: ^(yes|no)$

Root folder

Root folder containing files to serve (/var/www/html/{server_name} if unset).

ROOT_FOLDER

Root folder is invalid and must match this pattern: ^(/[\w. \-]+)*/?$

HTTPS protocols

The supported version of TLS. We recommend the default value TLSv1.2 TLSv1.3 for compatibility reasons.

SSL_PROTOCOLS

HTTPS protocols is invalid and must match this pattern: ^(?! )( ?TLSv1\.[0-3])*$

HTTP2

Support HTTP2 protocol when HTTPS is enabled.

HTTP2

HTTP2 is invalid and must match this pattern: ^(yes|no)$

HTTP listen

Respond to (insecure) HTTP requests.

LISTEN_HTTP

HTTP listen is invalid and must match this pattern: ^(yes|no)$

Use open file cache

Enable open file cache feature

USE_OPEN_FILE_CACHE

Use open file cache is invalid and must match this pattern: ^(yes|no)$

Use open file cache

Open file cache directive

OPEN_FILE_CACHE

Use open file cache is invalid and must match this pattern: ^(off|max=\d+( inactive=\d+(ms?|[shdwMy]))?)$

Open file cache errors

Enable open file cache for errors

OPEN_FILE_CACHE_ERRORS

Open file cache errors is invalid and must match this pattern: ^(yes|no)$

Open file cache min uses

Enable open file cache minimum uses

OPEN_FILE_CACHE_MIN_USES

Open file cache min uses is invalid and must match this pattern: ^[1-9]\d*$

Open file cache valid time

OPEN_FILE_CACHE_VALID

Open file cache valid time is invalid and must match this pattern: ^\d+(ms?|[shdwMy])$

ModSecurity 1.0

Management of the ModSecurity WAF.

Use ModSecurity

Enable ModSecurity WAF.

USE_MODSECURITY

Use ModSecurity is invalid and must match this pattern: ^(yes|no)$

Use Core Rule Set

Enable OWASP Core Rule Set.

USE_MODSECURITY_CRS

Use Core Rule Set is invalid and must match this pattern: ^(yes|no)$

Core Rule Set Version

Version of the OWASP Core Rule Set to use.

Core Rule Set Version is invalid and must match this pattern: ^(3|4)$

SecAuditEngine

SecAuditEngine directive of ModSecurity.

SecAuditEngine is invalid and must match this pattern: ^(On|RelevantOnly|Off)$

SecRuleEngine

SecRuleEngine directive of ModSecurity.

SecRuleEngine is invalid and must match this pattern: ^(On|DetectionOnly|Off)$

SecAuditLogParts

SecAuditLogParts directive of ModSecurity.

MODSECURITY_SEC_AUDIT_LOG_PARTS

SecAuditLogParts is invalid and must match this pattern: ^A(([B-K])(?!.*\2))+Z$

PHP 1.0

Manage local or remote PHP-FPM.

Remote PHP

Hostname of the remote PHP-FPM instance.

REMOTE_PHP

Remote PHP is invalid and must match this pattern: ^((?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?)*\.?)?$

Remote PHP path

Root folder containing files in the remote PHP-FPM instance.

REMOTE_PHP_PATH

Remote PHP path is invalid and must match this pattern: ^(/[\w. \-]+)*/?$

Local PHP

Path to the PHP-FPM socket file.

LOCAL_PHP

Local PHP is invalid and must match this pattern: ^(/[\w. \-]+)*/?$

Local PHP path

Root folder containing files in the local PHP-FPM instance.

LOCAL_PHP_PATH

Local PHP path is invalid and must match this pattern: ^(/[\w. \-]+)*/?$

Pro 1.0

Pro settings for the Pro version of BunkerWeb.

Real IP 1.0

Get real IP of clients when BunkerWeb is behind a reverse proxy / load balancer.

Use real ip

Retrieve the real IP of client.

USE_REAL_IP

Use real ip is invalid and must match this pattern: ^(yes|no)$

Use PROXY protocol

Enable PROXY protocol communication.

USE_PROXY_PROTOCOL

Use PROXY protocol is invalid and must match this pattern: ^(yes|no)$

Real IP from

List of trusted IPs / networks, separated with spaces, where proxied requests come from.

REAL_IP_FROM

Real IP from is invalid and must match this pattern: ^(?! )( *(((\b25[0-5]|\b2[0-4]\d|\b[01]?\d\d?)(\.(25[0-5]|2[0-4]\d|[01]?\d\d?)){3})(\/([1-2][0-9]?|3[0-2]?|[04-9]))?|(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]Z{0,4}){0,4}%[0-9a-zA-Z]+|::(ffff(:0{1,4})?:)?((25[0-5]|(2[0-4]|1?\d)?\d)\.){3}(25[0-5]|(2[0-4]|1?\d)?\d)|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1?\d)?\d)\.){3}(25[0-5]|(2[0-4]|1?\d)?\d))(\/(12[0-8]|1[01][0-9]|[0-9][0-9]?))?)(?!.*\D\2([^\d\/]|$)) *)*$

Real IP header

HTTP header containing the real IP or special value proxy_protocol for PROXY protocol.

REAL_IP_HEADER

Real IP header is invalid and must match this pattern: ^(?! )(( ?(?!proxy_protocol)[\w\-]+)*|proxy_protocol)$

Real IP recursive

Perform a recursive search in the header container IP address.

REAL_IP_RECURSIVE

Real IP recursive is invalid and must match this pattern: ^(yes|no)$

Redirect 1.0

Manage HTTP redirects.

Redirect to

Redirect a whole site to another one.

REDIRECT_TO

Redirect to is invalid and must match this pattern: ^(https?:\/\/[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)?$

Append request URI

Append the requested URI to the redirect address.

REDIRECT_TO_REQUEST_URI

Append request URI is invalid and must match this pattern: ^(yes|no)$

Append request URI

Status code to send to client when redirecting.

Append request URI is invalid and must match this pattern: ^(301|302)$

Redis 1.0

Redis server configuration when using BunkerWeb in cluster mode.

Reverse proxy 1.0

Manage reverse proxy configurations.

Use reverse proxy

Activate reverse proxy mode.

USE_REVERSE_PROXY

Use reverse proxy is invalid and must match this pattern: ^(yes|no)$

Intercept errors

Intercept and rewrite errors.

REVERSE_PROXY_INTERCEPT_ERRORS

Intercept errors is invalid and must match this pattern: ^(yes|no)$

Reverse proxy cache

Enable or disable caching of the proxied resources.

USE_PROXY_CACHE

Reverse proxy cache is invalid and must match this pattern: ^(yes|no)$

Reverse proxy cache methods

HTTP methods that should trigger a cache operation.

PROXY_CACHE_METHODS

Reverse proxy cache minimum uses

The minimum number of requests before a response is cached.

PROXY_CACHE_MIN_USES

Reverse proxy cache minimum uses is invalid and must match this pattern: ^[1-9]\d*$

Reverse proxy cache key

The key used to uniquely identify a cached response.

PROXY_CACHE_KEY

Reverse proxy cache key is invalid and must match this pattern: ^(?! )( ?(\$[a-z_]+)(?!.*\2))+$

Reverse proxy cache valid

Define the caching time depending on the HTTP status code (list of status=time), separated with spaces.

PROXY_CACHE_VALID

Reverse proxy cache valid is invalid and must match this pattern: ^(?! )( ?([1-5]\d{2})(?!.*\2=)=\d+(ms?|[shdwMy]))*$

Reverse proxy no cache

Conditions to disable caching of responses.

PROXY_NO_CACHE

Reverse proxy no cache is invalid and must match this pattern: ^.*$

Reverse proxy bypass

Conditions to bypass caching of responses.

PROXY_CACHE_BYPASS

Reverse proxy bypass is invalid and must match this pattern: ^.*$

Reverse proxy custom host

Override Host header sent to upstream server.

REVERSE_PROXY_CUSTOM_HOST

Reverse proxy custom host is invalid and must match this pattern: ^.*$

reverse-proxy

Reverse proxy host

Full URL of the proxied resource (proxy_pass).

REVERSE_PROXY_HOST

Reverse proxy host is invalid and must match this pattern: ^.*$

Reverse proxy url

Location URL that will be proxied.

REVERSE_PROXY_URL

Reverse proxy url is invalid and must match this pattern: ^.*$

Reverse proxy WS

Enable websocket on the proxied resource.

REVERSE_PROXY_WS

Reverse proxy WS is invalid and must match this pattern: ^(yes|no)$

Reverse proxy headers

List of HTTP headers to send to proxied resource separated with semicolons (values for proxy_set_header directive).

REVERSE_PROXY_HEADERS

Reverse proxy headers is invalid and must match this pattern: ^(?![; ])(;? ?([\w\-]+)(?!.*\2 ) [^;]+)*$

Reverse proxy headers-client

List of HTTP headers to send to client separated with semicolons (values for add_header directive).

REVERSE_PROXY_HEADERS_CLIENT

Reverse proxy headers-client is invalid and must match this pattern: ^(?![; ])(;? ?([\w\-]+)(?!.*\2 ) [^;]+)*$

Reverse proxy buffering

Enable or disable buffering of responses from proxied resource.

REVERSE_PROXY_BUFFERING

Reverse proxy buffering is invalid and must match this pattern: ^(yes|no)$

Reverse proxy keepalive

Enable or disable keepalive connections with the proxied resource.

REVERSE_PROXY_KEEPALIVE

Reverse proxy keepalive is invalid and must match this pattern: ^(yes|no)$

Reverse proxy auth request

Enable authentication using an external provider (value of auth_request directive).

REVERSE_PROXY_AUTH_REQUEST

Reverse proxy auth request is invalid and must match this pattern: ^(\/[\w\].~:\/?#\[@!$\&'*+,;=\-]*|off)?$

Auth request signin URL

Redirect clients to sign-in URL when using REVERSE_PROXY_AUTH_REQUEST (used when auth_request call returned 401).

REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL

Auth request signin URL is invalid and must match this pattern: ^(https?:\/\/[\-\w@:%.+~#=]+[\-\w!@:%+.~#?&\/=$]*)?$

Reverse proxy auth request set

List of variables to set from the authentication provider, separated with semicolons (values of auth_request_set directives).

REVERSE_PROXY_AUTH_REQUEST_SET

Reverse proxy auth request set is invalid and must match this pattern: ^(?! ;)(;? ?(\$[a-z_\-]+)(?!.*\2 ) [^;]+)*$

Reverse proxy connect timeout

Timeout when connecting to the proxied resource.

REVERSE_PROXY_CONNECT_TIMEOUT

Reverse proxy connect timeout is invalid and must match this pattern: ^\d+(ms?|[shdwMy])$

Reverse proxy read timeout

Timeout when reading from the proxied resource.

REVERSE_PROXY_READ_TIMEOUT

Reverse proxy read timeout is invalid and must match this pattern: ^\d+(ms?|[shdwMy])$

Reverse proxy send timeout

Timeout when sending to the proxied resource.

REVERSE_PROXY_SEND_TIMEOUT

Reverse proxy send timeout is invalid and must match this pattern: ^\d+(ms?|[shdwMy])$

Reverse proxy includes

Additional configuration to include in the location block, separated with spaces.

REVERSE_PROXY_INCLUDES

Reverse proxy includes is invalid and must match this pattern: ^(?! )( ?(\w+)(?!.*\b\2\b))*$

Reverse scan 1.0

Scan clients ports to detect proxies or servers.

Reverse scan

Enable scanning of clients ports and deny access if one is opened.

USE_REVERSE_SCAN

Reverse scan is invalid and must match this pattern: ^(no|yes)$

Reverse scan ports

List of port to scan when using reverse scan feature.

REVERSE_SCAN_PORTS

Reverse scan ports is invalid and must match this pattern: ^.*$

Reverse scan timeout

Specify the maximum timeout (in ms) when scanning a port.

REVERSE_SCAN_TIMEOUT

Reverse scan timeout is invalid and must match this pattern: ^.*$

Self-signed certificate 1.0

Generate self-signed certificate.

Activate self-signed certificate

Generate and use self-signed certificate.

GENERATE_SELF_SIGNED_SSL

Activate self-signed certificate is invalid and must match this pattern: ^(yes|no)$

Certificate expiry

Self-signed certificate expiry in days.

SELF_SIGNED_SSL_EXPIRY

Certificate expiry is invalid and must match this pattern: ^\d+$

Certificate subject

Self-signed certificate subject.

SELF_SIGNED_SSL_SUBJ

Certificate subject is invalid and must match this pattern: ^/CN=[^,]+$

Sessions 1.0

Management of session used by other plugins.

UI 1.0

Integrate easily the BunkerWeb UI.

Use UI

USE_UI

Use UI is invalid and must match this pattern: ^(yes|no)$

Whitelist 1.0

Allow access based on internal and external IP/network/rDNS/ASN whitelists.

Activate whitelisting

Activate whitelist feature.

USE_WHITELIST

Activate whitelisting is invalid and must match this pattern: ^(yes|no)$

Whitelist IP/network

List of IP/network, separated with spaces, to put into the whitelist.

WHITELIST_IP

Whitelist IP/network is invalid and must match this pattern: ^(?! )( *(((\b25[0-5]|\b2[0-4]\d|\b[01]?\d\d?)(\.(25[0-5]|2[0-4]\d|[01]?\d\d?)){3})(\/([1-2][0-9]?|3[0-2]?|[04-9]))?|(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]Z{0,4}){0,4}%[0-9a-zA-Z]+|::(ffff(:0{1,4})?:)?((25[0-5]|(2[0-4]|1?\d)?\d)\.){3}(25[0-5]|(2[0-4]|1?\d)?\d)|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1?\d)?\d)\.){3}(25[0-5]|(2[0-4]|1?\d)?\d))(\/(12[0-8]|1[01][0-9]|[0-9][0-9]?))?)(?!.*\D\2([^\d\/]|$)) *)*$

Whitelist reverse DNS global IPs

Only perform RDNS whitelist checks on global IP addresses.

WHITELIST_RDNS_GLOBAL

Whitelist reverse DNS global IPs is invalid and must match this pattern: ^(yes|no)$

Whitelist reverse DNS

List of reverse DNS suffixes, separated with spaces, to whitelist.

WHITELIST_RDNS

Whitelist reverse DNS is invalid and must match this pattern: ^( *(([^ ]+)(?!.*\3( |$))) *)*$

Whitelist ASN

List of ASN numbers, separated with spaces, to whitelist.

WHITELIST_ASN

Whitelist ASN is invalid and must match this pattern: ^^( *((ASN?)?(\d+)\b(?!.*[SN ]\4\b)) *)*$

Whitelist User-Agent

List of User-Agent (PCRE regex), separated with spaces, to whitelist.

WHITELIST_USER_AGENT

Whitelist User-Agent is invalid and must match this pattern: ^.*$

Whitelist URI

List of URI (PCRE regex), separated with spaces, to whitelist.

WHITELIST_URI

Whitelist URI is invalid and must match this pattern: ^( *(.*)(?!.*\2(?!.)) *)*$

CONF MANAGER

http

stream

server-http

server-stream

default-server-http

default-server-stream

modsec

modsec-crs

TITLE

name

suffix

Info

Error ! This file name already exist on this folder.

operation path old_name type

EXPORT CONFIG

DOWNLOAD THE CODE BELOW TO REIMPORT YOUR CONFIGURATION LATER

Copied

INTEGRATIONS

JOIN THE NEWSLETTER

I've read and agree to the privacy policy

Legal Notice Privacy Policy Cookie Policy