PhotoPrism® Plus includes the following additional config options, as well as more secure default settings to protect your instance by blocking vulnerability scanners and preventing the exploitation of newly discovered issues.
TIME for the browser to remember that the site is to be accessed only via HTTPS (0 to disable) plus
|rule applies to all subdomains as well plus
|submit to Google's HSTS preload service plus
|maximum number of consecutive failed LOGIN
ATTEMPTS from a single IP plus
DURATION between failed LOGIN attempts from a single IP (0-86400s) plus
|maximum number of malicious request
ATTEMPTS before a client IP is blocked (-1 to disable) plus
DURATION between malicious request attempts from a single IP (0-86400s) plus
|HTTP Content-Security-Policy (CSP)
|HTTP Cross-Origin-Opener-Policy (COOP)
|serve requests for this
HOSTNAME only plus
Using a Reverse Proxy
Providing these additional config options is a special service we offer to our members. However, advanced users can set the same web security headers in combination with a reverse proxy running in front of their instances if they did not sign up for a membership or have special requirements.
Should you decide to use alternative solutions, such as deploying a proxy or a web application firewall (WAF) in front of PhotoPrism, please note that our team will not be able to provide you with technical support and we recommend this only if you have the experience required.
For detailed information on specific product features, services, and related resources, see our Knowledge Base, or read the User Guide for help using the web user interface: