Skip to main content

Laravel CMS Lockdown

Lockdown is for the first minutes of an incident.

Stop normal frontend output, keep a trusted admin path open, and preserve the live page cache for recovery.

Lockdown gives Capell teams a last-ditch control when a site may be under attack or an admin account may be compromised. Public frontend traffic receives maintenance responses while the activating admin and configured break-glass users keep access to the admin area.

Behaviour

What changes when Lockdown is enabled.

Lockdown is not a replacement for incident response, patching, credential rotation, or server-level controls. It buys time while those jobs happen.

Frontend Public pages return maintenance. Visitors see a 503 maintenance response instead of normal page output, including when Laravel maintenance bypass cookies already exist.
Admin Only trusted admins stay in. The activating admin and configured break-glass users keep access; other admin sessions are blocked on their next request.
Cache Live page cache is preserved. Capell swaps the public page-cache directory for Lockdown HTML and restores the original cache when Lockdown is disabled.
Recovery The escape hatch is filesystem-based. The state lives outside the database so operators can remove the Lockdown file if no allowed admin account is available.
Runbook

Keep the runbook close.

Open docs Lockdown documentation Read the operator runbook for setup, page-cache behaviour, and filesystem recovery. Continue View operations Site operations See how Lockdown fits with cache refreshes, package upgrades, health checks, and recovery notes. Continue Report security Security reporting Report security issues with the right scope, detail, and contact path. Continue