{"id":4650,"date":"2026-02-06T23:53:52","date_gmt":"2026-02-06T20:53:52","guid":{"rendered":"https:\/\/www.dchost.com\/blog\/staging-ve-test-ortamlari-icin-noindex-parola-ve-ip-kisitlama-stratejileri\/"},"modified":"2026-02-06T23:53:52","modified_gmt":"2026-02-06T20:53:52","slug":"staging-ve-test-ortamlari-icin-noindex-parola-ve-ip-kisitlama-stratejileri","status":"publish","type":"post","link":"https:\/\/www.dchost.com\/blog\/staging-ve-test-ortamlari-icin-noindex-parola-ve-ip-kisitlama-stratejileri\/","title":{"rendered":"Staging ve Test Ortamlar\u0131 \u0130\u00e7in Noindex, Parola ve IP K\u0131s\u0131tlama Stratejileri"},"content":{"rendered":"<div class=\"dchost-blog-content-wrapper\"><p>Staging ortam\u0131 g\u00fcvenli\u011fi ihmal edildi\u011finde, sadece birka\u00e7 yanl\u0131\u015f t\u0131klama ile canl\u0131 sitenizin SEO\u2019sunu, gizli verilerini ve marka itibar\u0131n\u0131 ayn\u0131 anda riske atabilirsiniz. \u00d6zellikle ajanslar, SaaS ekipleri ve kurumsal web projelerinde staging ve test ortamlar\u0131; yeni \u00f6zelliklerin denendi\u011fi, hatalar\u0131n ay\u0131kland\u0131\u011f\u0131 ve \u00e7o\u011fu zaman canl\u0131 verilerin kopyaland\u0131\u011f\u0131 alanlar oluyor. Bu da onlar\u0131 hem arama motoru botlar\u0131 i\u00e7in \u00e7ekici, hem de siber sald\u0131rganlar i\u00e7in de\u011ferli hedefler haline getiriyor.<\/p>\n<p>Bu yaz\u0131da DCHost ekibi olarak sahada s\u00fcrekli g\u00f6rd\u00fc\u011f\u00fcm\u00fcz bir konuyu detayland\u0131raca\u011f\u0131z: Staging ve test ortamlar\u0131n\u0131 nas\u0131l <strong>noindex<\/strong>, <strong>parola<\/strong> ve <strong>IP k\u0131s\u0131tlama<\/strong> katmanlar\u0131yla birlikte korursunuz? Sadece teoriden bahsetmeyece\u011fiz; .htaccess ve Nginx \u00f6rneklerinden, ajans ve SaaS senaryolar\u0131na kadar uygulanabilir bir yol haritas\u0131 \u00e7\u0131karaca\u011f\u0131z. Ayr\u0131ca staging alan ad\u0131 se\u00e7iminden robots.txt stratejilerine, DCHost altyap\u0131s\u0131nda pratikte neleri nas\u0131l kurgulayabilece\u011finizi ad\u0131m ad\u0131m netle\u015ftirece\u011fiz.<\/p>\n<div id=\"toc_container\" class=\"toc_transparent no_bullets\"><p class=\"toc_title\">\u0130&ccedil;indekiler<\/p><ul class=\"toc_list\"><li><a href=\"#Staging_ve_Test_Ortamlarini_Neden_Mutlaka_Korumalisiniz\"><span class=\"toc_number toc_depth_1\">1<\/span> Staging ve Test Ortamlar\u0131n\u0131 Neden Mutlaka Korumal\u0131s\u0131n\u0131z?<\/a><\/li><li><a href=\"#Noindex_Stratejileri_Stagingi_Arama_Motorlarinin_Radarindan_Cikarmak\"><span class=\"toc_number toc_depth_1\">2<\/span> Noindex Stratejileri: Staging\u2019i Arama Motorlar\u0131n\u0131n Radar\u0131ndan \u00c7\u0131karmak<\/a><ul><li><a href=\"#Meta_robots_etiketi_ile_noindex\"><span class=\"toc_number toc_depth_2\">2.1<\/span> Meta robots etiketi ile noindex<\/a><\/li><li><a href=\"#X-Robots-Tag_HTTP_basligi\"><span class=\"toc_number toc_depth_2\">2.2<\/span> X-Robots-Tag HTTP ba\u015fl\u0131\u011f\u0131<\/a><\/li><li><a href=\"#robotstxt_nerede_ise_yarar_nerede_yaramaz\"><span class=\"toc_number toc_depth_2\">2.3<\/span> robots.txt nerede i\u015fe yarar, nerede yaramaz?<\/a><\/li><li><a href=\"#Canonical_sitemap_ve_alt_alan_adi_karari\"><span class=\"toc_number toc_depth_2\">2.4<\/span> Canonical, sitemap ve alt alan ad\u0131 karar\u0131<\/a><\/li><\/ul><\/li><li><a href=\"#Parola_Korumasi_Hizli_ve_Etkili_Ilk_Guvenlik_Katmani\"><span class=\"toc_number toc_depth_1\">3<\/span> Parola Korumas\u0131: H\u0131zl\u0131 ve Etkili \u0130lk G\u00fcvenlik Katman\u0131<\/a><ul><li><a href=\"#Apache_htaccess_ile_HTTP_Basic_Auth\"><span class=\"toc_number toc_depth_2\">3.1<\/span> Apache (.htaccess) ile HTTP Basic Auth<\/a><\/li><li><a href=\"#Nginx_ile_parola_koruma_ornegi\"><span class=\"toc_number toc_depth_2\">3.2<\/span> Nginx ile parola koruma \u00f6rne\u011fi<\/a><\/li><li><a href=\"#Uygulama_ici_giris_ekrani_yeterli_mi\"><span class=\"toc_number toc_depth_2\">3.3<\/span> Uygulama i\u00e7i giri\u015f ekran\u0131 yeterli mi?<\/a><\/li><\/ul><\/li><li><a href=\"#IP_Kisitlama_Erisimi_Ofis_ve_Ekip_IPleriyle_Sinirlandirmak\"><span class=\"toc_number toc_depth_1\">4<\/span> IP K\u0131s\u0131tlama: Eri\u015fimi Ofis ve Ekip IP\u2019leriyle S\u0131n\u0131rland\u0131rmak<\/a><ul><li><a href=\"#Apache_ve_Nginx_ile_IP_allowlist_ornekleri\"><span class=\"toc_number toc_depth_2\">4.1<\/span> Apache ve Nginx ile IP allowlist \u00f6rnekleri<\/a><\/li><li><a href=\"#Dinamik_IP_ve_uzaktan_calisan_ekipler\"><span class=\"toc_number toc_depth_2\">4.2<\/span> Dinamik IP ve uzaktan \u00e7al\u0131\u015fan ekipler<\/a><\/li><\/ul><\/li><li><a href=\"#Staging_Ortaminin_Domain_DNS_ve_Hosting_Mimarisini_Dogru_Kurmak\"><span class=\"toc_number toc_depth_1\">5<\/span> Staging Ortam\u0131n\u0131n Domain, DNS ve Hosting Mimarisini Do\u011fru Kurmak<\/a><ul><li><a href=\"#Alt_alan_adi_mi_ayri_domain_mi\"><span class=\"toc_number toc_depth_2\">5.1<\/span> Alt alan ad\u0131 m\u0131, ayr\u0131 domain mi?<\/a><\/li><li><a href=\"#DNS_ve_TTL_stratejisi\"><span class=\"toc_number toc_depth_2\">5.2<\/span> DNS ve TTL stratejisi<\/a><\/li><li><a href=\"#DCHost_uzerinde_staging_icin_tipik_kurulumlar\"><span class=\"toc_number toc_depth_2\">5.3<\/span> DCHost \u00fczerinde staging i\u00e7in tipik kurulumlar<\/a><\/li><\/ul><\/li><li><a href=\"#Gercekci_Senaryolar_Ajans_Kurumsal_Site_ve_SaaS_Ornekleri\"><span class=\"toc_number toc_depth_1\">6<\/span> Ger\u00e7ek\u00e7i Senaryolar: Ajans, Kurumsal Site ve SaaS \u00d6rnekleri<\/a><ul><li><a href=\"#1_Kucuk_ajans_ve_15_musteri_sitesi\"><span class=\"toc_number toc_depth_2\">6.1<\/span> 1) K\u00fc\u00e7\u00fck ajans ve 15+ m\u00fc\u015fteri sitesi<\/a><\/li><li><a href=\"#2_B2B_kurumsal_site_ve_KVKK_hassasiyeti\"><span class=\"toc_number toc_depth_2\">6.2<\/span> 2) B2B kurumsal site ve KVKK hassasiyeti<\/a><\/li><li><a href=\"#3_SaaS_urunu_ve_CICD_hatti\"><span class=\"toc_number toc_depth_2\">6.3<\/span> 3) SaaS \u00fcr\u00fcn\u00fc ve CI\/CD hatt\u0131<\/a><\/li><\/ul><\/li><li><a href=\"#DCHost_Uzerinde_Uygulanabilir_Staging_Guvenlik_Kontrol_Listesi\"><span class=\"toc_number toc_depth_1\">7<\/span> DCHost \u00dczerinde Uygulanabilir Staging G\u00fcvenlik Kontrol Listesi<\/a><\/li><li><a href=\"#Sonuc_ve_Onerilen_Yol_Haritasi\"><span class=\"toc_number toc_depth_1\">8<\/span> Sonu\u00e7 ve \u00d6nerilen Yol Haritas\u0131<\/a><\/li><\/ul><\/div>\n<h2><span id=\"Staging_ve_Test_Ortamlarini_Neden_Mutlaka_Korumalisiniz\">Staging ve Test Ortamlar\u0131n\u0131 Neden Mutlaka Korumal\u0131s\u0131n\u0131z?<\/span><\/h2>\n<p>\u00d6nce \u015fu soruyu netle\u015ftirelim: Neden staging ortamlar\u0131n\u0131 canl\u0131 site kadar ciddiye almal\u0131s\u0131n\u0131z? Cevap, genelde \u00fc\u00e7 ba\u015fl\u0131kta toplan\u0131yor:<\/p>\n<ul>\n<li><strong>SEO riski:<\/strong> Staging ortam\u0131 indekslenirse, ayn\u0131 i\u00e7erik iki farkl\u0131 alan ad\u0131nda g\u00f6r\u00fcn\u00fcr. Bu da kopya i\u00e7erik (duplicate content), yanl\u0131\u015f canonical, hatal\u0131 sitemap ve bazen de staging URL\u2019lerin arama sonu\u00e7lar\u0131nda \u00f6ne \u00e7\u0131kmas\u0131 gibi sorunlara yol a\u00e7ar.<\/li>\n<li><strong>Gizlilik ve KVKK\/GDPR riski:<\/strong> Staging\u2019de s\u0131k\u00e7a canl\u0131 veritaban\u0131n\u0131n kopyas\u0131 kullan\u0131l\u0131r. M\u00fc\u015fteri bilgileri, sipari\u015fler, ticket kay\u0131tlar\u0131 gibi ki\u015fisel veriler, zay\u0131f korunan bir test ortam\u0131nda a\u00e7\u0131kta kalabilir.<\/li>\n<li><strong>G\u00fcvenlik y\u00fczeyinin b\u00fcy\u00fcmesi:<\/strong> Her ek ortam, potansiyel bir ek sald\u0131r\u0131 y\u00fczeyi demek. \u00d6zellikle eski kodlar\u0131n, eski k\u00fct\u00fcphanelerin ve debug modlar\u0131n\u0131n a\u00e7\u0131k oldu\u011fu staging ortamlar\u0131 sald\u0131rganlar i\u00e7in cazip hedeftir.<\/li>\n<\/ul>\n<p>Bu riskleri daha geni\u015f mimari ba\u011flamda g\u00f6rmek isterseniz, geli\u015ftirme\u2013test\u2013canl\u0131 ayr\u0131m\u0131n\u0131 anlatt\u0131\u011f\u0131m\u0131z <a href=\"https:\/\/www.dchost.com\/blog\/gelistirme-test-ve-canli-ortamlar-icin-hosting-mimarisi\/\">geli\u015ftirme, test ve canl\u0131 ortamlar i\u00e7in hosting mimarisi<\/a> rehberine de mutlaka g\u00f6z at\u0131n.<\/p>\n<h2><span id=\"Noindex_Stratejileri_Stagingi_Arama_Motorlarinin_Radarindan_Cikarmak\">Noindex Stratejileri: Staging\u2019i Arama Motorlar\u0131n\u0131n Radar\u0131ndan \u00c7\u0131karmak<\/span><\/h2>\n<p>\u0130lk katman, staging ortam\u0131n\u0131n arama motorlar\u0131 taraf\u0131ndan indekslenmesini \u00f6nlemek. Buradaki temel fikir \u015fu: Bot\u2019lar staging alan\u0131n\u0131 g\u00f6rseler bile, i\u00e7eriklerini dizine eklememeliler. Bunun i\u00e7in \u00fc\u00e7 ana ara\u00e7 kullan\u0131yoruz: <strong>meta robots<\/strong>, <strong>X-Robots-Tag HTTP ba\u015fl\u0131klar\u0131<\/strong> ve <strong>robots.txt<\/strong>.<\/p>\n<h3><span id=\"Meta_robots_etiketi_ile_noindex\">Meta robots etiketi ile noindex<\/span><\/h3>\n<p>En bilinen y\u00f6ntem, HTML sayfalar\u0131n head b\u00f6l\u00fcm\u00fcne <code>&lt;meta name=\"robots\" content=\"noindex, nofollow\"&gt;<\/code> eklemektir:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">&lt;head&gt;\n  &lt;meta charset=&quot;utf-8&quot;&gt;\n  &lt;title&gt;Staging Site&lt;\/title&gt;\n  &lt;meta name=&quot;robots&quot; content=&quot;noindex, nofollow&quot;&gt;\n&lt;\/head&gt;\n<\/code><\/pre>\n<ul>\n<li><strong>Avantaj\u0131:<\/strong> Uygulama seviyesinde, \u00e7er\u00e7eve ba\u011f\u0131ms\u0131z ve h\u0131zl\u0131 uygulan\u0131r.<\/li>\n<li><strong>Dezavantaj\u0131:<\/strong> Sayfan\u0131n ger\u00e7ekten y\u00fcklenmesi gerekir; yanl\u0131\u015fl\u0131kla canl\u0131ya ta\u015f\u0131nan bir tema veya cache, bu etiketi silebilir.<\/li>\n<\/ul>\n<p>WordPress veya Laravel gibi ortamlarda, ortam de\u011fi\u015fkenine g\u00f6re bu etiketi eklemek olduk\u00e7a pratiktir. \u00d6rne\u011fin Laravel\u2019de <code>APP_ENV=staging<\/code> ise blade \u015fablonundan condition ile meta robots ekleyebilirsiniz.<\/p>\n<h3><span id=\"X-Robots-Tag_HTTP_basligi\">X-Robots-Tag HTTP ba\u015fl\u0131\u011f\u0131<\/span><\/h3>\n<p>Daha merkezi bir yakla\u015f\u0131m, HTTP cevab\u0131na X-Robots-Tag ba\u015fl\u0131\u011f\u0131 eklemektir. Bu sayede HTML d\u0131\u015f\u0131nda PDF, JSON veya di\u011fer \u00e7\u0131kt\u0131lar\u0131 da noindex yapabilirsiniz.<\/p>\n<p>Apache i\u00e7in bir \u00f6rnek:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">&lt;IfModule mod_headers.c&gt;\n  Header set X-Robots-Tag &quot;noindex, nofollow&quot; env=staging_env\n&lt;\/IfModule&gt;\n<\/code><\/pre>\n<p>Nginx i\u00e7in:<\/p>\n<pre class=\"language-nginx line-numbers\"><code class=\"language-nginx\">map $host $staging_flag {\n    default         0;\n    staging.ornek.com 1;\n}\n\nserver {\n    server_name staging.ornek.com;\n\n    if ($staging_flag) {\n        add_header X-Robots-Tag &quot;noindex, nofollow&quot; always;\n    }\n}\n<\/code><\/pre>\n<p>Avantaj\u0131, uygulamadan ba\u011f\u0131ms\u0131z olmas\u0131d\u0131r. Ayn\u0131 sunucuda birden fazla staging uygulaman\u0131z varsa, hepsini tek yerden noindex yapabilirsiniz.<\/p>\n<h3><span id=\"robotstxt_nerede_ise_yarar_nerede_yaramaz\">robots.txt nerede i\u015fe yarar, nerede yaramaz?<\/span><\/h3>\n<p><code>robots.txt<\/code> dosyas\u0131 uzun y\u0131llard\u0131r &#8220;staging\u2019i engellemek&#8221; i\u00e7in kullan\u0131lan ilk ara\u00e7lardan biri. Ancak kritik bir ger\u00e7ek var: <strong>robots.txt, noindex demek de\u011fildir.<\/strong> Sadece tarama talimat\u0131 verir; URL\u2019ler h\u00e2l\u00e2 dizine girebilir.<\/p>\n<p>Tipik staging robots.txt \u00f6rne\u011fi:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">User-agent: *\nDisallow: \/\n<\/code><\/pre>\n<p>Bu, taramay\u0131 yasaklar; ama bir yerde staging URL\u2019inize link verilirse, arama sonu\u00e7lar\u0131nda ba\u015fl\u0131ks\u0131z bir URL olarak g\u00f6r\u00fcnmesi h\u00e2l\u00e2 m\u00fcmk\u00fcn olabilir. Bu y\u00fczden robots.txt\u2019yi <strong>noindex stratejisinin tamamlay\u0131c\u0131s\u0131<\/strong> olarak d\u00fc\u015f\u00fcn\u00fcn, yerine de\u011fil.<\/p>\n<p>robots.txt ve sitemap etkile\u015fimlerini daha derin anlamak isterseniz, \u015fu yaz\u0131m\u0131za g\u00f6z atabilirsiniz: <a href=\"https:\/\/www.dchost.com\/blog\/robots-txt-ve-sitemap-xml-dogru-kurulumu-adim-adim-seo-ve-hosting-rehberi\/\">robots.txt ve sitemap.xml do\u011fru kurulumu<\/a>.<\/p>\n<h3><span id=\"Canonical_sitemap_ve_alt_alan_adi_karari\">Canonical, sitemap ve alt alan ad\u0131 karar\u0131<\/span><\/h3>\n<p>Staging ortam\u0131n\u0131 \u00e7o\u011fu zaman <code>staging.ornek.com<\/code> veya <code>test.ornek.com<\/code> gibi bir alt alan ad\u0131na kuruyoruz. Bu, hem y\u00f6netimi kolayla\u015ft\u0131r\u0131r hem de arama motorlar\u0131na &#8220;bu ayr\u0131 bir ortam&#8221; sinyali verir. Dikkat etmeniz gerekenler:<\/p>\n<ul>\n<li>Staging\u2019deki <strong>canonical etiketlerinin canl\u0131 siteyi g\u00f6stermesi<\/strong> genelde tercih edilir: <code>&lt;link rel=\"canonical\" href=\"https:\/\/www.ornek.com\/urun\/123\"&gt;<\/code><\/li>\n<li>Staging alan\u0131n\u0131 <strong>sitemap.xml<\/strong> i\u00e7ine <em>almay\u0131n<\/em>; sadece canl\u0131 domain sitemap\u2019te olmal\u0131.<\/li>\n<li>Staging alan ad\u0131n\u0131 <strong>Search Console<\/strong> gibi ara\u00e7lara ekleseniz bile, orada da a\u00e7\u0131k\u00e7a &#8220;noindex&#8221; durumu takip edilmeli.<\/li>\n<\/ul>\n<h2><span id=\"Parola_Korumasi_Hizli_ve_Etkili_Ilk_Guvenlik_Katmani\">Parola Korumas\u0131: H\u0131zl\u0131 ve Etkili \u0130lk G\u00fcvenlik Katman\u0131<\/span><\/h2>\n<p>Noindex tek ba\u015f\u0131na g\u00fcvenlik sa\u011flamaz; sadece SEO taraf\u0131n\u0131 korur. Staging ve test ortamlar\u0131nda mutlaka <strong>kimlik do\u011frulama<\/strong> olmal\u0131. Burada en pratik katman genelde HTTP Basic Auth veya web sunucu seviyesinde parola korumas\u0131d\u0131r.<\/p>\n<h3><span id=\"Apache_htaccess_ile_HTTP_Basic_Auth\">Apache (.htaccess) ile HTTP Basic Auth<\/span><\/h3>\n<p>Payla\u015f\u0131ml\u0131 hosting veya DCHost \u00fczerinde klasik Apache yap\u0131land\u0131rmas\u0131 kullan\u0131yorsan\u0131z, staging dizininize basit bir .htaccess dosyas\u0131yla parola koyabilirsiniz:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">AuthType Basic\nAuthName &quot;Staging Ortami&quot;\nAuthUserFile \/home\/kullanici\/.htpasswd\nRequire valid-user\n<\/code><\/pre>\n<p>Ard\u0131ndan .htpasswd dosyas\u0131n\u0131 olu\u015fturursunuz:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">htpasswd -c \/home\/kullanici\/.htpasswd stagingkullanici<\/code><\/pre>\n<p>Avantajlar\u0131:<\/p>\n<ul>\n<li>Taray\u0131c\u0131 seviyesinde, \u00e7er\u00e7eve ba\u011f\u0131ms\u0131z ve h\u0131zl\u0131.<\/li>\n<li>Uygulama login katman\u0131ndan tamamen ayr\u0131, bu y\u00fczden framework g\u00fcncellemesinden etkilenmiyor.<\/li>\n<\/ul>\n<h3><span id=\"Nginx_ile_parola_koruma_ornegi\">Nginx ile parola koruma \u00f6rne\u011fi<\/span><\/h3>\n<p>Nginx kullanan <a href=\"https:\/\/www.dchost.com\/tr\/vps\">VPS<\/a> veya <a href=\"https:\/\/www.dchost.com\/tr\/fiziksel-sunucu\">dedicated sunucu<\/a>larda ise yap\u0131land\u0131rma \u015fu \u015fekilde olabilir:<\/p>\n<pre class=\"language-nginx line-numbers\"><code class=\"language-nginx\">location \/ {\n    auth_basic           &quot;Staging Ortami&quot;;\n    auth_basic_user_file \/etc\/nginx\/.htpasswd-staging;\n\n    proxy_pass http:\/\/127.0.0.1:9000;\n}\n<\/code><\/pre>\n<p>Burada da .htpasswd dosyas\u0131 Apache ile ayn\u0131 format\u0131 kullan\u0131r, <code>htpasswd<\/code> komutu ile olu\u015fturabilirsiniz. DCHost \u00fczerindeki VPS planlar\u0131n\u0131zda bu yap\u0131y\u0131 Nginx reverse proxy ile \u00e7ok rahat kurabilirsiniz.<\/p>\n<h3><span id=\"Uygulama_ici_giris_ekrani_yeterli_mi\">Uygulama i\u00e7i giri\u015f ekran\u0131 yeterli mi?<\/span><\/h3>\n<p>&#8220;Zaten admin paneline giri\u015f var, staging\u2019e ayr\u0131ca parola gerek var m\u0131?&#8221; sorusu \u00e7ok geliyor. K\u0131sa cevap: <strong>Genelde yetmez.<\/strong><\/p>\n<ul>\n<li>Uygulama login ekran\u0131na kadar t\u00fcm sayfa, bot\u2019lara ve sald\u0131rganlara a\u00e7\u0131k olur.<\/li>\n<li>Admin kullan\u0131c\u0131lar\u0131n\u0131n \u015fifreleri s\u0131zarsa, staging ortam\u0131 sald\u0131rganlar i\u00e7in test alan\u0131na d\u00f6n\u00fc\u015f\u00fcr.<\/li>\n<li>Baz\u0131 sayfalar (API endpoint\u2019leri, debug route\u2019lar\u0131) uygulama login\u2019i d\u0131\u015f\u0131nda kalabilir.<\/li>\n<\/ul>\n<p>Bu y\u00fczden en ideal yakla\u015f\u0131m, <strong>iki katmanl\u0131<\/strong> bir yap\u0131:<\/p>\n<ol>\n<li>\u00d6nce HTTP Basic Auth (veya benzeri sunucu taraf\u0131 parola),<\/li>\n<li>Ard\u0131ndan uygulama login ekran\u0131.<\/li>\n<\/ol>\n<p>WordPress kullanan ekipler i\u00e7in hem staging hem canl\u0131 ortamda g\u00fcvenli giri\u015f tasar\u0131m\u0131 kritik. Ayr\u0131nt\u0131lar i\u00e7in <a href=\"https:\/\/www.dchost.com\/blog\/wordpress-guvenli-giris-mimarisi-2fa-ip-kisitlama-recaptcha-ve-xml-rpc-korumasi\/\">WordPress g\u00fcvenli giri\u015f mimarisi<\/a> yaz\u0131m\u0131z\u0131 da inceleyebilirsiniz.<\/p>\n<h2><span id=\"IP_Kisitlama_Erisimi_Ofis_ve_Ekip_IPleriyle_Sinirlandirmak\">IP K\u0131s\u0131tlama: Eri\u015fimi Ofis ve Ekip IP\u2019leriyle S\u0131n\u0131rland\u0131rmak<\/span><\/h2>\n<p>Parola korumas\u0131 \u00f6nemli ama \u015fifreler payla\u015f\u0131l\u0131r, ekran g\u00f6r\u00fcnt\u00fcleri dola\u015f\u0131r, eski \u00e7al\u0131\u015fanlar\u0131n bilgileri kal\u0131r. Bu y\u00fczden staging ortam\u0131 i\u00e7in \u00fc\u00e7\u00fcnc\u00fc katman olarak <strong>IP allowlist<\/strong> (beyaz liste) ciddi bir g\u00fcvenlik kazan\u0131m\u0131 sa\u011flar.<\/p>\n<h3><span id=\"Apache_ve_Nginx_ile_IP_allowlist_ornekleri\">Apache ve Nginx ile IP allowlist \u00f6rnekleri<\/span><\/h3>\n<p>Apache taraf\u0131nda, sadece belirli IP\u2019lere izin vermek i\u00e7in:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">Require all denied\nRequire ip 203.0.113.10\nRequire ip 198.51.100.0\/24\n<\/code><\/pre>\n<p>Nginx taraf\u0131nda ise:<\/p>\n<pre class=\"language-nginx line-numbers\"><code class=\"language-nginx\">location \/ {\n    allow 203.0.113.10;\n    allow 198.51.100.0\/24;\n    deny all;\n\n    proxy_pass http:\/\/127.0.0.1:9000;\n}\n<\/code><\/pre>\n<p>Bu yap\u0131 ile sadece ofis IP\u2019niz veya VPN \u00e7\u0131k\u0131\u015f IP\u2019leriniz staging ortam\u0131na eri\u015febilir. Geri kalan t\u00fcm istekler 403 hatas\u0131 al\u0131r.<\/p>\n<h3><span id=\"Dinamik_IP_ve_uzaktan_calisan_ekipler\">Dinamik IP ve uzaktan \u00e7al\u0131\u015fan ekipler<\/span><\/h3>\n<p>&#8220;Ekibin IP\u2019si s\u00fcrekli de\u011fi\u015fiyor, IP k\u0131s\u0131tlamas\u0131 yapamay\u0131z&#8221; itiraz\u0131n\u0131 da s\u0131k duyuyoruz. Burada pratik \u00e7\u00f6z\u00fcmler:<\/p>\n<ul>\n<li>Ekip i\u00e7in basit bir <strong>VPN sunucusu<\/strong> kurup (\u00f6r. WireGuard), staging\u2019e sadece VPN \u00e7\u0131k\u0131\u015f IP\u2019sini tan\u0131mlamak.<\/li>\n<li>IP k\u0131s\u0131tlamas\u0131n\u0131 sadece <strong>admin panelleri<\/strong> ve kritik route\u2019lar i\u00e7in uygulamak.<\/li>\n<li>K\u00fc\u00e7\u00fck ekiplerde, IP k\u0131s\u0131tlamas\u0131n\u0131 sadece belirli rollerde (\u00f6rne\u011fin devops ve lead geli\u015ftiriciler) zorunlu k\u0131lmak.<\/li>\n<\/ul>\n<p>VPN taraf\u0131nda temel mant\u0131\u011f\u0131 anlamak i\u00e7in, <a href=\"https:\/\/www.dchost.com\/blog\/wireguard-nedir-nasil-kurulur-ve-yapilandirilir\/\">WireGuard nedir ve nas\u0131l kurulur<\/a> rehberimiz size iyi bir ba\u015flang\u0131\u00e7 sa\u011flayacakt\u0131r.<\/p>\n<h2><span id=\"Staging_Ortaminin_Domain_DNS_ve_Hosting_Mimarisini_Dogru_Kurmak\">Staging Ortam\u0131n\u0131n Domain, DNS ve Hosting Mimarisini Do\u011fru Kurmak<\/span><\/h2>\n<p>G\u00fcvenlik katmanlar\u0131n\u0131 kurarken, staging ortam\u0131n\u0131n mimarisini de do\u011fru kurgulamak gerekir. Alan ad\u0131, DNS ve hosting se\u00e7imi; noindex, parola ve IP k\u0131s\u0131tlamas\u0131n\u0131n ne kadar temiz uygulanaca\u011f\u0131n\u0131 do\u011frudan etkiler.<\/p>\n<h3><span id=\"Alt_alan_adi_mi_ayri_domain_mi\">Alt alan ad\u0131 m\u0131, ayr\u0131 domain mi?<\/span><\/h3>\n<ul>\n<li><strong>Alt alan ad\u0131 (staging.ornek.com):<\/strong> Y\u00f6netimi kolay, SSL, DNS ve cache ayarlar\u0131n\u0131 takip etmek basit. \u00c7o\u011fu senaryoda \u00f6nerdi\u011fimiz y\u00f6ntem.<\/li>\n<li><strong>Ayr\u0131 domain (ornek-staging.com):<\/strong> Canl\u0131 ile staging\u2019i tamamen ay\u0131rmak istiyorsan\u0131z tercih edilebilir; ama SSL, DNS ve SEO taraf\u0131nda fazladan i\u015f y\u00fck\u00fc yarat\u0131r.<\/li>\n<\/ul>\n<p>Genelde DCHost \u00fczerinde \u00e7al\u0131\u015fan m\u00fc\u015fterilerimize, tek alan ad\u0131yla devam edip staging\u2019i <code>staging.<\/code> veya <code>test.<\/code> alt alanlar\u0131nda toplamalar\u0131n\u0131 \u00f6neriyoruz.<\/p>\n<h3><span id=\"DNS_ve_TTL_stratejisi\">DNS ve TTL stratejisi<\/span><\/h3>\n<p>Staging ortamlar\u0131nda s\u0131k s\u0131k deploy ve sunucu de\u011fi\u015fimi yap\u0131ld\u0131\u011f\u0131 i\u00e7in, DNS <strong>TTL de\u011ferlerini<\/strong> k\u0131sa tutmak i\u015finizi kolayla\u015ft\u0131r\u0131r (\u00f6r. 300 saniye). B\u00f6ylece yeni IP\u2019ye ge\u00e7erken uzun yay\u0131l\u0131m s\u00fcreleriyle u\u011fra\u015fmazs\u0131n\u0131z. TTL planlamas\u0131n\u0131 daha detayl\u0131 ele ald\u0131\u011f\u0131m\u0131z <a href=\"https:\/\/www.dchost.com\/blog\/dns-ttl-degerlerini-dogru-ayarlamak-a-mx-cname-ve-txt-kayitlari-icin-stratejik-rehber\/\">DNS TTL de\u011ferleri i\u00e7in stratejik rehber<\/a> yaz\u0131m\u0131z da i\u015finize yarayabilir.<\/p>\n<h3><span id=\"DCHost_uzerinde_staging_icin_tipik_kurulumlar\">DCHost \u00fczerinde staging i\u00e7in tipik kurulumlar<\/span><\/h3>\n<ul>\n<li><strong>Payla\u015f\u0131ml\u0131 hosting<\/strong> kullanan k\u00fc\u00e7\u00fck siteler: Ayn\u0131 hesab\u0131n alt\u0131nda <code>staging.ornek.com<\/code> alt alan\u0131 a\u00e7\u0131p, klas\u00f6r bazl\u0131 klon (\u00f6r. <code>public_html\/staging<\/code>). Burada mutlaka .htaccess ile parola + noindex ekliyoruz.<\/li>\n<li><strong>VPS \u00fczerinde birden fazla proje<\/strong>: Nginx veya Apache sanal host ile ayr\u0131 <code>server_name staging.ornek.com<\/code> tan\u0131m\u0131; IP k\u0131s\u0131tlamas\u0131 ve HTTP Basic Auth Nginx katman\u0131nda uygulan\u0131yor.<\/li>\n<li><strong>B\u00fcy\u00fck WooCommerce \/ SaaS projeleri<\/strong>: Staging i\u00e7in ayr\u0131 bir VPS veya ayr\u0131 bir DCHost fiziksel sunucu, hem veritaban\u0131 hem dosya sistemi izolasyonu sa\u011flanarak kuruluyor.<\/li>\n<\/ul>\n<p>WordPress \u00f6zelinde, cPanel taraf\u0131nda staging kurulumunu ad\u0131m ad\u0131m g\u00f6rmek isterseniz <a href=\"https:\/\/www.dchost.com\/blog\/wordpress-staging-ortami-nasil-kurulur-cpanelde-alt-alan-adi-klonlama-ve-guvenli-yayina-alma\/\">WordPress staging ortam\u0131 nas\u0131l kurulur<\/a> rehberimizi okuyabilirsiniz. Payla\u015f\u0131ml\u0131 ortamlar i\u00e7in daha hafif bir yakla\u015f\u0131m ar\u0131yorsan\u0131z, <a href=\"https:\/\/www.dchost.com\/blog\/paylasimli-hostingde-wordpress-staging-ortami-kurmak-adim-adim-uygulamali-rehber\/\">payla\u015f\u0131ml\u0131 hosting\u2019de WordPress staging ortam\u0131 kurmak<\/a> yaz\u0131s\u0131 da ad\u0131m ad\u0131m sizi y\u00f6nlendirecektir.<\/p>\n<h2><span id=\"Gercekci_Senaryolar_Ajans_Kurumsal_Site_ve_SaaS_Ornekleri\">Ger\u00e7ek\u00e7i Senaryolar: Ajans, Kurumsal Site ve SaaS \u00d6rnekleri<\/span><\/h2>\n<h3><span id=\"1_Kucuk_ajans_ve_15_musteri_sitesi\">1) K\u00fc\u00e7\u00fck ajans ve 15+ m\u00fc\u015fteri sitesi<\/span><\/h3>\n<p>Senaryo: Ajans, DCHost \u00fczerinde reseller veya VPS kullan\u0131yor; her m\u00fc\u015fteri i\u00e7in WordPress site var. M\u00fc\u015fterilere d\u00fczenli tasar\u0131m g\u00fcncellemesi yap\u0131l\u0131rken staging ortam\u0131 gerekiyor.<\/p>\n<ul>\n<li>Her m\u00fc\u015fteri i\u00e7in <code>staging.musteriadi.com<\/code> alt alan\u0131 a\u00e7\u0131l\u0131yor.<\/li>\n<li>cPanel\u2019de klonlama ile staging\u2019e dosya ve veritaban\u0131 kopyalan\u0131yor.<\/li>\n<li>.htaccess ile parola korumas\u0131 ve meta robots noindex ekleniyor.<\/li>\n<li>robots.txt, t\u00fcm staging alan\u0131 i\u00e7in <code>Disallow: \/<\/code> ile ayarlan\u0131yor.<\/li>\n<li>IP k\u0131s\u0131tlamas\u0131 ajans ofisi i\u00e7in de\u011fil, sadece admin dizinleri i\u00e7in uygulan\u0131yor (uzaktan \u00e7al\u0131\u015fanlar da eri\u015febilsin diye).<\/li>\n<\/ul>\n<h3><span id=\"2_B2B_kurumsal_site_ve_KVKK_hassasiyeti\">2) B2B kurumsal site ve KVKK hassasiyeti<\/span><\/h3>\n<p>Senaryo: B\u00fcy\u00fck bir kurumsal B2B site, canl\u0131da form ve CRM entegrasyonu kullan\u0131yor. Staging\u2019de canl\u0131 veritaban\u0131 kopyas\u0131 var; ki\u015fisel veriler i\u00e7eriyor.<\/p>\n<ul>\n<li>Staging, DCHost \u00fczerinde ayr\u0131 bir VPS\u2019te, canl\u0131dan tamamen izole \u015fekilde bar\u0131nd\u0131r\u0131l\u0131yor.<\/li>\n<li>Ofis ve VPN \u00e7\u0131k\u0131\u015f IP\u2019leri d\u0131\u015f\u0131nda herkese 403 d\u00f6nen IP allowlist uygulan\u0131yor.<\/li>\n<li>\u00dcst\u00fcne bir de HTTP Basic Auth konarak iki katmanl\u0131 koruma sa\u011flan\u0131yor.<\/li>\n<li>Staging veritaban\u0131nda, ki\u015fisel veriler d\u00fczenli olarak maskeleme\/anonymization script\u2019leriyle temizleniyor.<\/li>\n<\/ul>\n<h3><span id=\"3_SaaS_urunu_ve_CICD_hatti\">3) SaaS \u00fcr\u00fcn\u00fc ve CI\/CD hatt\u0131<\/span><\/h3>\n<p>Senaryo: SaaS ekibi, her merge sonras\u0131 staging\u2019e otomatik deploy yap\u0131yor; QA ekibi burada test ediyor. Staging bazen load test i\u00e7in de kullan\u0131l\u0131yor.<\/p>\n<ul>\n<li>Staging, <code>staging.uygulama.com<\/code> \u00fczerinde, canl\u0131 ile ayn\u0131 DCHost altyap\u0131s\u0131nda ama ayr\u0131 veritaban\u0131 ve cache ile kurulmu\u015f.<\/li>\n<li>CI\/CD pipeline, staging deploy\u2019u bitirince health-check ve smoke test \u00e7al\u0131\u015ft\u0131r\u0131yor.<\/li>\n<li>T\u00fcm staging ortam\u0131 VPN\/IP allowlist arkas\u0131nda; test kullan\u0131c\u0131lar\u0131 i\u00e7in ayr\u0131 bir auth servisi var.<\/li>\n<li>Noindex, X-Robots-Tag ile web sunucusunda merkezi olarak ayarl\u0131; b\u00f6ylece yeni mikroservisler de otomatik noindex oluyor.<\/li>\n<\/ul>\n<h2><span id=\"DCHost_Uzerinde_Uygulanabilir_Staging_Guvenlik_Kontrol_Listesi\">DCHost \u00dczerinde Uygulanabilir Staging G\u00fcvenlik Kontrol Listesi<\/span><\/h2>\n<p>Pratikte i\u015finizi kolayla\u015ft\u0131rmak i\u00e7in, staging veya test ortam\u0131 kurarken uygulayabilece\u011finiz k\u0131sa bir kontrol listesi haz\u0131rlad\u0131k:<\/p>\n<ol>\n<li><strong>Alan ad\u0131:<\/strong> Canl\u0131 domain alt\u0131nda <code>staging.<\/code> veya <code>test.<\/code> alt alan\u0131 kullan\u0131n.<\/li>\n<li><strong>DNS:<\/strong> TTL\u2019i 300 saniye civar\u0131nda tutun, olas\u0131 IP de\u011fi\u015fimlerini h\u0131zland\u0131r\u0131n.<\/li>\n<li><strong>Noindex:<\/strong> Hem meta robots hem X-Robots-Tag ile noindex + nofollow uygulay\u0131n.<\/li>\n<li><strong>robots.txt:<\/strong> <code>Disallow: \/<\/code> ekleyin, ancak bunu asla tek g\u00fcvenlik katman\u0131 olarak g\u00f6rmeyin.<\/li>\n<li><strong>Parola:<\/strong> Apache\/.htaccess veya Nginx ile HTTP Basic Auth ekleyin; kullan\u0131c\u0131\/parola kombinasyonunu sadece ekiple payla\u015f\u0131n.<\/li>\n<li><strong>IP k\u0131s\u0131tlama:<\/strong> M\u00fcmk\u00fcnse ofis ve VPN IP\u2019lerini allowlist\u2019e al\u0131n, di\u011fer herkesi engelleyin.<\/li>\n<li><strong>Veri anonimle\u015ftirme:<\/strong> Canl\u0131 veritaban\u0131 kopyas\u0131n\u0131 staging\u2019e al\u0131yorsan\u0131z, ki\u015fisel verileri maskeleyin.<\/li>\n<li><strong>E-posta g\u00f6nderimi:<\/strong> Staging\u2019den ger\u00e7ek m\u00fc\u015fterilere mail gitmemesi i\u00e7in SMTP ayarlar\u0131n\u0131 dummy veya sandbox moda al\u0131n.<\/li>\n<li><strong>Log ve hata modu:<\/strong> Staging\u2019de ayr\u0131nt\u0131l\u0131 debug log tutun ama bu loglar\u0131 da parola\/IP katmanlar\u0131n\u0131n arkas\u0131nda saklay\u0131n.<\/li>\n<li><strong>Temizlik:<\/strong> Eski staging ortamlar\u0131n\u0131, i\u015finiz bitti\u011finde mutlaka kapat\u0131n veya en az\u0131ndan DNS\u2019ten d\u00fc\u015f\u00fcr\u00fcn.<\/li>\n<\/ol>\n<h2><span id=\"Sonuc_ve_Onerilen_Yol_Haritasi\">Sonu\u00e7 ve \u00d6nerilen Yol Haritas\u0131<\/span><\/h2>\n<p>Staging ve test ortamlar\u0131, &#8220;zaten canl\u0131 de\u011fil&#8221; diyerek hafife al\u0131nacak yap\u0131lar de\u011fil. Aksine, debug modlar\u0131n\u0131n a\u00e7\u0131k oldu\u011fu, eski k\u00fct\u00fcphanelerin \u00e7al\u0131\u015ft\u0131\u011f\u0131, canl\u0131 verilerin kopyaland\u0131\u011f\u0131 ve \u00e7o\u011fu zaman da g\u00fcvenlik g\u00fcncellemelerinin gecikti\u011fi alanlar. Burada do\u011fru yap\u0131lmayan her ayar, SEO\u2019dan KVKK\u2019ya, itibar y\u00f6netiminden operasyonel riske kadar geni\u015f bir yelpazede sorun yaratabiliyor.<\/p>\n<p>\u00d6zetle:<\/p>\n<ul>\n<li><strong>Noindex<\/strong> ile arama motoru risklerini kontrol edin,<\/li>\n<li><strong>Parola korumas\u0131<\/strong> ile temel eri\u015fim bariyerini kurun,<\/li>\n<li><strong>IP k\u0131s\u0131tlama<\/strong> ile staging\u2019i ekip ve ofis a\u011flar\u0131yla s\u0131n\u0131rlay\u0131n.<\/li>\n<\/ul>\n<p>E\u011fer DCHost \u00fczerinde yeni bir proje planl\u0131yor veya mevcut projenize g\u00fcvenli bir staging mimarisi eklemek istiyorsan\u0131z, altyap\u0131n\u0131z\u0131; alan ad\u0131, DNS ve hosting katmanlar\u0131yla birlikte d\u00fc\u015f\u00fcnmek \u00f6nemli. Yukar\u0131da bahsetti\u011fimiz rehberler ve kontrol listesiyle temel yap\u0131y\u0131 kendiniz kurabilirsiniz; daha karma\u015f\u0131k VPS, dedicated veya colocation senaryolar\u0131nda ise DCHost ekibi olarak staging ve test ortamlar\u0131n\u0131z\u0131 canl\u0131 mimariyle uyumlu, g\u00fcvenli ve esnek bir \u015fekilde tasarlaman\u0131za yard\u0131mc\u0131 olmaktan memnuniyet duyar\u0131z.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Staging ortam\u0131 g\u00fcvenli\u011fi ihmal edildi\u011finde, sadece birka\u00e7 yanl\u0131\u015f t\u0131klama ile canl\u0131 sitenizin SEO\u2019sunu, gizli verilerini ve marka itibar\u0131n\u0131 ayn\u0131 anda riske atabilirsiniz. \u00d6zellikle ajanslar, SaaS ekipleri ve kurumsal web projelerinde staging ve test ortamlar\u0131; yeni \u00f6zelliklerin denendi\u011fi, hatalar\u0131n ay\u0131kland\u0131\u011f\u0131 ve \u00e7o\u011fu zaman canl\u0131 verilerin kopyaland\u0131\u011f\u0131 alanlar oluyor. Bu da onlar\u0131 hem arama motoru botlar\u0131 i\u00e7in [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":4651,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-4650","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/4650","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/comments?post=4650"}],"version-history":[{"count":0,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/4650\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media\/4651"}],"wp:attachment":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media?parent=4650"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/categories?post=4650"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/tags?post=4650"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}