Patrol for Craft 3
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Patrol 3

Maintenance Mode and SSL Routing for Craft 3

Features 🚀

SSL Routing 👮‍

  • Force HTTPS (server agnostic)
  • Force a Primary Domain (naked domain vs www prefixed)
  • Define where HTTPS is enforced (if not globally)
  • Control the best redirect status code for your use case

Maintenance Mode 🚧

  • Put your site on maintenance mode
  • Define who can access the site while offline
  • Reroute guests to an offline page (or custom response)


composer require selvinortiz/patrol

./craft install/plugin patrol

...or you can search for Patrol in the Plugin Store.


You can configure some stuff through the control panel, but doing so is not recommended. File configs are much more flexible and you can define different configs for different environments.

return [
    '*' => [
        'primaryDomain' => null,
        'redirectStatusCode' => 302,

        'sslRoutingBaseUrl' => "",
        'sslRoutingEnabled' => true,
        'sslRoutingRestrictedUrls' => ['/'],

        'maintenanceModeEnabled' => false,
        'maintenanceModePageUrl' => '/offline',
        'maintenanceModeAuthorizedIps' => ['::1', ''],
        'maintenanceModeResponseStatusCode' => 410,
    'dev' => [
        'sslRoutingEnabled' => false,
    'staging' => [
        'maintenanceModePageUrl' => null,
        'maintenanceModeResponseStatusCode' => 410,
    'production' => [
        'redirectStatusCode' => 301,
        'maintenanceModeResponseStatusCode' => 503,

Config Settings


Defaults to null

Primary domain to enforce

If your site is accessible via multiple domains, you may want to ensure that it can only be accessed by the primary domain.


  • (App URL)
  • (Secondary)
  • (Primary)

If a user requests or, they will be redirected to


Defaults to 302

Redirect status code to use when...

  1. redirecting to and from SSL restricted URLs
  2. redirecting to primary domain, if one is defined.


Defaults to Craft::$app->request->hostInfo

Tells Patrol what base URL to use when redirecting to SSL


Defaults to false

Tells Patrol to force requests to be made over https://


Defaults to ['/'] (everything)

Tells Patrol where https:// should be enforced.


Defaults to false

Tells Patrol that your site is on maintenance mode and it should start routing traffic differently.

Authorized users will see your site while unauthorized users will see either your offline page or an HTTP response with a custom status code.


Defaults to ['::1', '']

IP addresses that should be allowed (without being logged in) during maintenance.


Defaults to 410

Tells Patrol what kind of HttpException to throw if you do not set a $maintenanceModePageUrl.


Defaults to []

Access tokens that can be used to automatically add an IP to the allowed list.

If you define the following access tokens:

$maintenanceModeAccessTokens =  [

You will be able to send someone a link with the access token. When the visit that link, their IP will be added to the allowed list.

You can use any string as an access token but avoid using spaces.

If you are planning on using access tokens, do not include $maintenanceModeAuthorizedIps as a file config setting.

Help & Feedback

If you have questions, comments, or suggestions, feel free to reach out to me on twitter @selvinortiz


Patrol for Craft CMS is open source software

MIT License