diff --git a/docs.json b/docs.json
index e273677..6fe199b 100644
--- a/docs.json
+++ b/docs.json
@@ -181,6 +181,7 @@
"group": "Community Guides",
"pages": [
"self-host/community-guides/overview",
+ "self-host/community-guides/rules",
"self-host/community-guides/remove-geoblock-plugin",
"self-host/community-guides/crowdsec",
"self-host/community-guides/metrics",
diff --git a/manage/access-control/rules.mdx b/manage/access-control/rules.mdx
index 76dc9ef..61747e1 100644
--- a/manage/access-control/rules.mdx
+++ b/manage/access-control/rules.mdx
@@ -96,60 +96,6 @@ Pretty simple: you can match on simply an IP address like your home IP to bypass
- `34.45.245.64`
- `192.168.1.1`
-## Rules for Specific Apps
+### Community Contributed Rules
-This table compiles paths that need to be allowed for various apps to work with Pangolin authentication.
-
-| App | Required Bypass Rules |
-| -------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| **Media Management** | |
-| Radarr | `/api/*` |
-| Sonarr | `/api/*` |
-| Lidarr | `/api/*` |
-| **Media Servers** | |
-| Jellyfin (iOS) | `/system/info/public` |
-| Jellyfin (Roku) | `/System/Info/Public`
`/Users/AuthenticateByName`
`/Users/Public`
`/QuickConnect/Initiate`
`/QuickConnect/Connect`
`/Users/AuthenticateWithQuickConnect` |
-| Audiobookshelf | Audiobookshelf also supports `/audiobookshelf` by default. Each rule should also be applied to this path.
`/api/*`
`/login`
`/auth/*`
`/feed/*`
`/socket.io/`
`/status`
`/logout`
`/ping`
`/public/*`
The following is needed for public shares and is optional for clients:
`/share/*`
`/_nuxt/*.js`
`/_nuxt/fonts/*` |
-| **Management & Monitoring** | |
-| Tautulli | `/api/*` |
-| Harbour | `/api/*` |
-| Hoarder App | `/api/*` |
-| Uptime Kuma Manager | `/api/*`
`/socket.io/*` |
-| Beszel | `/api/beszel/agent-connect` |
-| MeshCentral | `/api/*`
`/meshrelay.ashx`
`/agent.ashx` |
-| **Security & Privacy** | |
-| AdGuard Home | `/api/*` |
-| Ente Auth | `*api*` |
-| Vaultwarden/Bitwarden | `/api/*`
`/identity/*`
`/wl/*`
Always Deny - Path - `/admin/*` |
-| **Cloud & Sync** | |
-| Nextcloud | `/` (Main interface)
`/index.php` (Core handler)
`/remote.php` (Remote access)
`/status.php` (Status checks)
`/ocs` (Collaboration Services API)
`/apps` (Applications)
`/remote.php/webdav` (WebDAV endpoint)
`/remote.php/dav` (CalDAV/CardDAV)
`/remote.php/caldav` (Calendar sync)
`/remote.php/carddav` (Contacts sync)
`/ocs/v1.php` (API endpoints)
`/ocs/v2.php` (API v2 endpoints)
`/login` (Authentication)
`/.well-known/*` (Service discovery)
`/.well-known/webfinger` (WebFinger protocol)
`/s/*` (Shared files/folders) |
-| Onlyoffice | `/cache/*`
`*/CommandService.ashx`
`*/converter/*`
`*/doc/*`
`*/downloadas/*`
`/downloadfile/*`
`*/fonts/*`
`/healthcheck`
`/methodology/*`
`*/plugins.json`
`*/sdkjs/*`
`*/sdkjs-plugins/*`
`*/themes.json`
`*/web-apps/*`
-| **Photo Management** | |
-| Ente Photos | `*api*` |
-| Immich | `/api/*`
`/.well-known/immich` |
-| **File Management** | |
-| Filebrowser | `/static/*`
`/share/*`
`/api/public/dl/*`
`/api/public/share/*` |
-| **Notes & Knowledge Management** | |
-| Joplin Notes Server | `/api/*`
`/shares/*`
`/css/*`
`/images/*`
Always Deny - Path - `/login/*` (optional) |
-| Erugo | `/api/*`
`/shares/*`
`/build/*`
`/get-logo` |
-| Memos | `/api/*`
`/assets/*`
`/explore*`
`/memos.api.v1.*`
`/auth/callback*`
`/auth`
`/site.webmanifest`
`/logo.webp`
`/full-logo.webp`
`/android-chrome-192x192.png` |
-| Linkding | `/api/*`
`/bookmarks/*`
Always Deny - Path - `/admin/*` |
-| **Communication** | |
-| Matrix/Synapse (Clients) | `/_matrix/*`
`/_synapse/client/*` |
-| Matrix/Synapse (Federation) | `/_matrix/*` |
-| **Notifications** | |
-| Gotify | `/version`
`/message`
`/application`
`/client`
`/stream`
`/plugin`
`/health` |
-| **Home Automation** | |
-| Home Assistant | `/api/*`
`/auth/*`
`/frontend_latest/*`
`/lovelace/*`
`/static/*`
`/hacsfiles/*`
`/local/*`
`/manifest.json`
`/sw-modern.js` |
-| n8n | `/webhook-test/*/webhook`
`/webhook/*/webhook` |
-| **Project Management** | |
-| Jetbrains Youtrack | `/api/*`
`/hub/api/*`
|
-| **Genealogy** | |
-| Gramps Web | `/api/*`
-| **Analytics** | |
-| Liwan | `/script.js`
`/api/send` |
-| Umami | `/script.js`
`/api/send` |
-
-
-These rules are examples and may need to be adjusted based on your specific app configuration and version.
-
+Some common bypass paths for common self hosted apps can be found [in the community contributed rules](/self-host/community-guides/rules).
\ No newline at end of file
diff --git a/self-host/community-guides/rules.mdx b/self-host/community-guides/rules.mdx
new file mode 100644
index 0000000..7726e33
--- /dev/null
+++ b/self-host/community-guides/rules.mdx
@@ -0,0 +1,65 @@
+---
+title: "Bypass Rules"
+description: "Community bypass rules for common self hosted apps"
+---
+
+import PangolinCloudTocCta from "/snippets/pangolin-cloud-toc-cta.mdx";
+
+
+
+This table compiles paths that need to be allowed for various apps to work with Pangolin authentication.
+
+| App | Required Bypass Rules |
+| -------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| **Media Management** | |
+| Radarr | `/api/*` |
+| Sonarr | `/api/*` |
+| Lidarr | `/api/*` |
+| **Media Servers** | |
+| Jellyfin (iOS) | `/system/info/public` |
+| Jellyfin (Roku) | `/System/Info/Public`
`/Users/AuthenticateByName`
`/Users/Public`
`/QuickConnect/Initiate`
`/QuickConnect/Connect`
`/Users/AuthenticateWithQuickConnect` |
+| Audiobookshelf | Audiobookshelf also supports `/audiobookshelf` by default. Each rule should also be applied to this path.
`/api/*`
`/login`
`/auth/*`
`/feed/*`
`/socket.io/`
`/status`
`/logout`
`/ping`
`/public/*`
The following is needed for public shares and is optional for clients:
`/share/*`
`/_nuxt/*.js`
`/_nuxt/fonts/*` |
+| **Management & Monitoring** | |
+| Tautulli | `/api/*` |
+| Harbour | `/api/*` |
+| Hoarder App | `/api/*` |
+| Uptime Kuma Manager | `/api/*`
`/socket.io/*` |
+| Beszel | `/api/beszel/agent-connect` |
+| MeshCentral | `/api/*`
`/meshrelay.ashx`
`/agent.ashx` |
+| **Security & Privacy** | |
+| AdGuard Home | `/api/*` |
+| Ente Auth | `*api*` |
+| Vaultwarden/Bitwarden | `/api/*`
`/identity/*`
`/wl/*`
Always Deny - Path - `/admin/*` |
+| **Cloud & Sync** | |
+| Nextcloud | `/` (Main interface)
`/index.php` (Core handler)
`/remote.php` (Remote access)
`/status.php` (Status checks)
`/ocs` (Collaboration Services API)
`/apps` (Applications)
`/remote.php/webdav` (WebDAV endpoint)
`/remote.php/dav` (CalDAV/CardDAV)
`/remote.php/caldav` (Calendar sync)
`/remote.php/carddav` (Contacts sync)
`/ocs/v1.php` (API endpoints)
`/ocs/v2.php` (API v2 endpoints)
`/login` (Authentication)
`/.well-known/*` (Service discovery)
`/.well-known/webfinger` (WebFinger protocol)
`/s/*` (Shared files/folders) |
+| Onlyoffice | `/cache/*`
`*/CommandService.ashx`
`*/converter/*`
`*/doc/*`
`*/downloadas/*`
`/downloadfile/*`
`*/fonts/*`
`/healthcheck`
`/methodology/*`
`*/plugins.json`
`*/sdkjs/*`
`*/sdkjs-plugins/*`
`*/themes.json`
`*/web-apps/*` |
+| **Photo Management** | |
+| Ente Photos | `*api*` |
+| Immich | `/api/*`
`/.well-known/immich` |
+| **File Management** | |
+| Filebrowser | `/static/*`
`/share/*`
`/api/public/dl/*`
`/api/public/share/*` |
+| **Notes & Knowledge Management** | |
+| Joplin Notes Server | `/api/*`
`/shares/*`
`/css/*`
`/images/*`
Always Deny - Path - `/login/*` (optional) |
+| Erugo | `/api/*`
`/shares/*`
`/build/*`
`/get-logo` |
+| Memos | `/api/*`
`/assets/*`
`/explore*`
`/memos.api.v1.*`
`/auth/callback*`
`/auth`
`/site.webmanifest`
`/logo.webp`
`/full-logo.webp`
`/android-chrome-192x192.png` |
+| Linkding | `/api/*`
`/bookmarks/*`
Always Deny - Path - `/admin/*` |
+| **Communication** | |
+| Matrix/Synapse (Clients) | `/_matrix/*`
`/_synapse/client/*` |
+| Matrix/Synapse (Federation) | `/_matrix/*` |
+| **Notifications** | |
+| Gotify | `/version`
`/message`
`/application`
`/client`
`/stream`
`/plugin`
`/health` |
+| **Home Automation** | |
+| Home Assistant | `/api/*`
`/auth/*`
`/frontend_latest/*`
`/lovelace/*`
`/static/*`
`/hacsfiles/*`
`/local/*`
`/manifest.json`
`/sw-modern.js` |
+| n8n | `/webhook-test/*/webhook`
`/webhook/*/webhook` |
+| **Project Management** | |
+| Jetbrains Youtrack | `/api/*`
`/hub/api/*`
|
+| **Genealogy** | |
+| Gramps Web | `/api/*` |
+| **Analytics** | |
+| Liwan | `/script.js`
`/api/send` |
+| Umami | `/script.js`
`/api/send` |
+
+
+ These rules are examples and may need to be adjusted based on your specific
+ app configuration and version.
+