Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.lintliot.com/llms.txt

Use this file to discover all available pages before exploring further.

Emergency lockdown is a single-button control on the Monitor page that immediately shifts your app into a hardened, read-only state. You’d use it when you’re watching an active attack unfold — a credential stuffing wave, a DDoS spike, a breach in progress — and you want to stop the bleeding in one click while you investigate.
When lockdown is active, your app becomes read-only. All POST, PUT, PATCH, and DELETE endpoints return an error. Any feature in your app that creates or modifies data — signups, purchases, profile updates, form submissions — will stop working for users until lockdown is lifted.

What lockdown does

Activating lockdown triggers five things simultaneously:
1

Rate limits drop to 1 request per minute

Every rate limit threshold across your app is overridden to 1 request per minute per IP, regardless of your configured baselines. This throttles even legitimate-looking traffic to a crawl.
2

IP allowlist-only mode enables

If you’ve configured an IP allowlist under Shield → IP Rules, lockdown switches your app to allowlist-only mode — only IPs on that list can reach your app at all. If you haven’t configured an allowlist, this step has no effect.
3

All write endpoints are disabled

Every HTTP endpoint that uses POST, PUT, PATCH, or DELETE returns an error response. Your app effectively becomes a read-only service. GET requests continue to work normally.
4

Push notification fires

A “Lockdown active” push notification is sent immediately, so you and your team are aware even if you’re not watching the dashboard.
5

Event log entry created

A system.lockdown_activated event is logged with your user ID and timestamp. This becomes part of your compliance audit trail and appears in the Forensics page.

How to activate lockdown

1

Go to the Monitor page

Click Monitor in the sidebar. The Emergency Lockdown button appears in the top-right action bar, labeled with a shield icon.
2

Click Emergency Lockdown

The button is styled with a red border to make it visually distinct. Clicking it opens an inline confirmation prompt — it does not activate immediately.
3

Confirm in the modal

You’ll see the prompt: “Confirm lockdown?” with Yes, Lock App and Cancel buttons. Click Yes, Lock App to activate. This two-step flow prevents accidental activation.
Once confirmed, the lockdown activates within seconds. A red banner reading “Lockdown Active — Your app is read-only” appears at the top of every dashboard page so the state is visible no matter which section you navigate to.

Lifting lockdown

You have two ways to lift lockdown:
  • Manually: Return to the Monitor page and click Lift Lockdown. The button label changes when lockdown is active. Lifting it is immediate — no confirmation step required.
  • Automatically: Lockdown lifts automatically after 1 hour if you haven’t lifted it manually. This prevents your app from being permanently stuck in read-only mode if you forget.
When lockdown is lifted, a system.lockdown_lifted event is logged, the red banner disappears, and your rate limits and write endpoints return to their normal configured state.

Health check bypass

If your app has health check or uptime monitoring endpoints (for example /health or /ping), you can configure them to bypass lockdown restrictions so your monitoring continues to report correctly during a lockdown. Configure bypass paths in your SDK initialization: 
const lintliot = createLintliot({
  apiKey: process.env.LINTLIOT_API_KEY,
  lockdownBypass: ['/health', '/ping'],
})
Paths listed in lockdownBypass are excluded from the rate limit override and the write endpoint block. They remain fully accessible during lockdown.
Only use lockdownBypass for paths that genuinely need to remain available — health checks, status endpoints, or webhook receivers where downtime would trigger false incident alerts. Don’t add regular API routes to bypass lockdown protections.

Plan availability

Emergency lockdown is available on the Team plan and above. It is not available on Free or Pro plans. If you’re on a Free or Pro plan and encounter an active attack, you can still:
  • Block specific IPs manually under Shield → IP Rules
  • Increase rate limit strictness under Shield → Rate Limits
  • Upgrade to Team to unlock emergency lockdown

What the lockdown banner looks like

While lockdown is active, every page in your dashboard shows a persistent banner at the top: 
🔒 Lockdown Active — Your app is read-only.   [Lift Lockdown]
The “Lift Lockdown” link in the banner takes you directly to the Monitor page so you can deactivate with one more click.