Whitelisting Guide

Allow Pin Feed through your firewall

Pin Feed loads your website through a server-side proxy so reviewers can pin comments and draw on it. If your site is behind Cloudflare, Wordfence, or a similar firewall, our proxy may be blocked as “automated traffic.” Forward this page to your site admin — the rules below take 30 seconds and only let Pin Feed through.

What to whitelist

  User-Agent    : PinFeed/1.0
  Custom header : X-PinFeed-Request: true
  Source IP     : 206.189.199.164

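All Pin Feed proxy requests carry these identifiers. Match any one of them in your firewall to safely allow our traffic without weakening other rules. The User-Agent and custom header are request headers set by the sender, whereas the source IP identifies our proxy server; a rule that requires the source IP as well as a header applies only to requests from that address.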

01

Cloudflare

Most common case. Add a single Custom Rule that lets Pin Feed’s User-Agent skip your bot protection. Works on Free, Pro, Business, and Enterprise plans.

Rule expression (paste into the editor):

(http.user_agent contains "PinFeed/1.0")

Or use the visual rule builder:

// Cloudflare → Security → WAF → Custom rules → Create rule
// Field: User Agent
// Operator: contains
// Value: PinFeed/1.0
// Action: Skip
// Then check: All remaining custom rules, Rate limiting, Bot Fight Mode

Heads up: Cloudflare’s free “Bot Fight Mode” (Security → Bots) cannot be skipped by Custom Rules — you’ll need to either disable it for the duration of the review or upgrade to “Super Bot Fight Mode” (Pro plan or above), which can be bypassed via the rule above.

02

nginx

If you run nginx directly (without Cloudflare in front), match on User-Agent inside your server block.

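# nginx — allow Pin Feed inside any "deny all" rule
# In your http { } block (map is not valid inside server { }):
map $http_user_agent $is_pinfeed {
    default 0;
    ~*PinFeed/1\.0 1;   # case-insensitive match on the User-Agent
}

# In your server { } block:
location / {
    # Sets $skip_security; your existing rules must test this variable for it to have any effect
    if ($is_pinfeed) { set $skip_security 1; }
    # ... your existing rules
}

03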

Apache .htaccess

For Apache servers and managed WordPress hosts that expose .htaccess.

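# Apache .htaccess — allow Pin Feed past mod_security
# Sets the environment variable "pinfeed" when the User-Agent matches
SetEnvIfNoCase User-Agent "PinFeed/1\.0" pinfeed
<RequireAll>
  Require all granted
  # Denies only requests for which the variable "pinfeed_blocked" is set
  Require not env pinfeed_blocked
</RequireAll>

04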

Wordfence (WordPress)

If your WordPress site uses Wordfence, add Pin Feed to the Whitelisted Services list.

Wordfence → Tools → Diagnostics → Whitelisted Services
Add a new entry:
  Service Name : Pin Feed
  IP Range     : 206.189.199.164
  User Agent   : PinFeed/1.0

05

Other firewalls

For Sucuri, Imperva, AWS WAF, F5, or any other security layer: create an allow / skip rule that matches on the User-Agent string above. If your firewall doesn't support User-Agent matching, allowlist the source IP instead.

We keep our outbound IP stable so site admins can rely on it. If we ever change it, we’ll update this page and notify customers in advance. Subscribe at support@app.pinfeed.io to get notified.
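
An added example (not Pin Feed's own code): with a User-Agent allow rule in place, this script audits an access log for requests that present the Pin Feed User-Agent but do not come from the published source IP, or that use a method other than GET, HEAD or OPTIONS. It assumes Combined Log Format with the real client IP in the first field; the function name audit, the read-only method set and the sample lines are constructed for illustration.

```python
import re
from ipaddress import ip_address

# Identifiers published on this page.
PINFEED_UA = "PinFeed/1.0"
PINFEED_IP = ip_address("206.189.199.164")
# Assumption: "read-only" is taken to mean these HTTP methods.
READ_ONLY = {"GET", "HEAD", "OPTIONS"}

# Combined Log Format:
# ip ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def audit(lines):
    """Return (reason, ip, method, path) for each suspicious PinFeed-labelled request."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        # Case-insensitive, like the nginx and Apache rules on this page.
        if not m or PINFEED_UA.lower() not in m["ua"].lower():
            continue  # unparseable line, or not claiming to be Pin Feed
        try:
            from_pinfeed = ip_address(m["ip"]) == PINFEED_IP
        except ValueError:
            from_pinfeed = False  # hostname or malformed address: unconfirmed
        if not from_pinfeed:
            findings.append(("unexpected-source", m["ip"], m["method"], m["path"]))
        elif m["method"] not in READ_ONLY:
            findings.append(("non-read-only", m["ip"], m["method"], m["path"]))
    return findings

# Constructed sample log lines (198.51.100.7 is a documentation address).
SAMPLE = [
    '206.189.199.164 - - [10/Mar/2025:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "PinFeed/1.0"',
    '198.51.100.7 - - [10/Mar/2025:10:00:05 +0000] "GET /pricing HTTP/1.1" 200 900 "-" "PinFeed/1.0"',
    '206.189.199.164 - - [10/Mar/2025:10:00:09 +0000] "POST /contact HTTP/1.1" 200 64 "-" "PinFeed/1.0"',
    '198.51.100.7 - - [10/Mar/2025:10:00:12 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

If the site sits behind a CDN or load balancer, feed the script a log that records the forwarded client address; otherwise every request appears to come from the intermediary.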

Frequently asked

Why does Pin Feed need to load my site server-side?

Most websites set headers (X-Frame-Options, Content-Security-Policy) that prevent them from being loaded inside another site’s iframe. Our proxy fetches your page server-side, strips those headers, and serves it under our own domain so reviewers can pin comments on top of it. Without the proxy, annotation isn’t possible.

Is whitelisting Pin Feed safe?

Yes. The rules above only let Pin Feed’s identified traffic through — they don’t weaken any other firewall rule, and they don’t expose your site to other bots or scrapers. Our requests are read-only and rate-limited.

Can I whitelist temporarily?

Yes. The Cloudflare rule above can be toggled on and off from the Custom Rules dashboard. Many teams enable it during a review cycle and disable it afterward.