> For the complete documentation index, see [llms.txt](https://docs.boldminded.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.boldminded.com/datagrab/docs/configuration-options/config-file-options.md).

# Config File Options

If you're making a request to an external import file/url and it requires additional validation you can use the datagrab\_custom\_headers config option. In this example 6 is the import ID to assign these headers to.

```php
$config['datagrab_custom_headers'] = [
    6 => [
        'Content-Type: application/json',
        'Authorization: Bearer YOUR_ACCESS_TOKEN'
    ]
];
```

If you want to disable verifying peers when making a cURL request you can  set this to 'n'.

```php
$config['datagrab_verify_peer'] = 'n';
```

By default DataGrab will write to the `system/user/cache/DataGrab-import.log` file each time an import is executed, and erase the log contents from the previous import and replace it with the currently executing import. If you want to keep a backup of the log files you will want to enable log rotate, which will append a timestamp to the end of of the file. If you do this you may want to consider deleting old backups, which will [require a simple bash script](/datagrab/docs/troubleshooting/datagrab-import.log-rotation.md).

```php
$config['datagrab_rotate_log'] = 'y';
```

Starting with DataGrab 6.1, remote import files are fetched through a new URL guard that only allows `http` and `https` URLs and refuses to connect to hosts that resolve to private, loopback, or otherwise reserved IP addresses. This prevents a saved import from being pointed at internal infrastructure or cloud metadata endpoints. The following config options let you tune that behavior.

If you import from a local development domain (such as a `.ddev.site` or `.test` address) or from a trusted host on your internal network, those requests would normally be blocked because they resolve to private IPs. You can allow specific hosts through with the `datagrab_allowed_hosts` config option. It accepts an array of host names, and a leading `*.` will match any subdomain. Your site's own domain (from `base_url`) is always trusted automatically, so same-host imports keep working without any configuration.

{% code overflow="wrap" %}

```php
$config['datagrab_allowed_hosts'] = [
    'localhost',
    '*.ddev.site',
    '*.test',
];
```

{% endcode %}

If you'd rather not maintain a host list and simply want to allow requests to private and reserved addresses everywhere, you can disable the private-address block entirely by setting `datagrab_allow_private_urls` to `'y'`. The `datagrab_allowed_hosts` option above is the safer, more targeted choice and should be preferred on production sites.

{% code overflow="wrap" %}

```php
$config['datagrab_allow_private_urls'] = 'y';
```

{% endcode %}

If you fetch import files from a URL that issues redirects, DataGrab now follows each redirect manually and re-checks the destination against the same security rules before continuing. The number of redirects it will follow is capped, and you can adjust that limit with the `datagrab_max_redirects` config option. This only applies when redirect following is already enabled via `datagrab_follow_redirects`; the default is 5.

{% code overflow="wrap" %}

```php
$config['datagrab_max_redirects'] = 5;
```

{% endcode %}

If your import is run from outside the Control Panel using its `?ACT=` URL, the passkey can now be sent as an HTTP request header instead of as a query-string parameter, which keeps the secret out of server logs, browser history, and `Referer` headers. Send the passkey in the `X-Datagrab-Passkey` header; the existing `passkey=` query-string parameter continues to work for backwards compatibility.

<br>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.boldminded.com/datagrab/docs/configuration-options/config-file-options.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.