Skip to content

Security Settings

security

Security settings restrict login and MCP access. Click Save & restart after changing them.

  • Login IP Whitelist: IPv4/IPv6 CIDR ranges allowed to access login. Empty means all IPs are allowed.
  • Login API Tokens: bearer tokens that can access protected APIs.
  • MCP IP Whitelist: CIDR ranges allowed to access MCP. Empty means deny IP-based MCP access.
  • MCP API Tokens: bearer tokens for MCP.

config.json

Section: security

KeyDescriptionTypeWebUI fieldDefault
login_whitelistLogin IP whiteliststring arrayLogin IP Whitelist[]
login_tokensLogin API tokensstring arrayLogin API Tokens[]
mcp_whitelistMCP IP whiteliststring arrayMCP IP Whitelistlocal-network CIDRs or []
mcp_tokensMCP API tokensstring arrayMCP API Tokens[]
webauthn_rp_idPasskey RP IDstringconfig only""
webauthn_originPasskey originstringconfig only""

WARNING

Use long random tokens and never commit real tokens to a public repository.

AutoBangumi is released under the MIT License. (latest: v3.3.2)