diff --git a/app/tests/conftest.py b/app/tests/conftest.py
index 89cfe9a..d488671 100644
--- a/app/tests/conftest.py
+++ b/app/tests/conftest.py
@@ -2,7 +2,7 @@ import os
 from fastapi.testclient import TestClient
 import pytest
 from unittest.mock import patch
-from app.shared.config import ALLOW_ANY_EMAIL
+from app.web.config import ALLOW_ANY_EMAIL
 from app.shared.settings import Settings
 from app.web.db.user_state import UserState
 
diff --git a/app/tests/web/db/test_crud.py b/app/tests/web/db/test_crud.py
index 625aee7..b49fefd 100644
--- a/app/tests/web/db/test_crud.py
+++ b/app/tests/web/db/test_crud.py
@@ -63,7 +63,7 @@ def test_data(db_session):
 
 def test_get_archive(test_data, db_session):
     from app.web.db import crud
-    from app.shared.config import ALLOW_ANY_EMAIL
+    from app.web.config import ALLOW_ANY_EMAIL
 
     # each author's archives work
     assert (a0 := crud.get_archive(db_session, "archive-id-456-0", authors[0])) is not None
@@ -92,7 +92,7 @@ def test_get_archive(test_data, db_session):
 
 def test_search_archives_by_url(test_data, db_session):
     from app.web.db import crud
-    from app.shared.config import ALLOW_ANY_EMAIL
+    from app.web.config import ALLOW_ANY_EMAIL
 
     # rick's archives are private
     assert len(crud.search_archives_by_url(db_session, "https://example-0.com", "rick@example.com")) == 34
@@ -138,7 +138,7 @@ def test_search_archives_by_url(test_data, db_session):
 
 
 def test_search_archives_by_email(test_data, db_session):
-    from app.shared.config import ALLOW_ANY_EMAIL
+    from app.web.config import ALLOW_ANY_EMAIL
     from app.web.db import crud
 
     # lower/upper case
@@ -161,7 +161,7 @@ def test_search_archives_by_email(test_data, db_session):
 @patch("app.web.db.crud.DATABASE_QUERY_LIMIT", new=25)
 def test_max_query_limit(test_data, db_session):
     from app.web.db import crud
-    from app.shared.config import ALLOW_ANY_EMAIL
+    from app.web.config import ALLOW_ANY_EMAIL
 
     assert len(crud.search_archives_by_url(db_session, "https://example", ALLOW_ANY_EMAIL)) == 25
     assert len(crud.search_archives_by_url(db_session, "https://example", ALLOW_ANY_EMAIL, limit=1000)) == 25
@@ -233,7 +233,7 @@ def test_count_by_users_since(test_data, db_session):
 
 def test_is_user_in_group(test_data, db_session):
     from app.web.db import crud
-    from app.shared.config import ALLOW_ANY_EMAIL
+    from app.web.config import ALLOW_ANY_EMAIL
 
     # see user-groups.test.yaml
     test_pairs = [
diff --git a/app/tests/web/endpoints/test_default.py b/app/tests/web/endpoints/test_default.py
index 54bc14b..6de2f01 100644
--- a/app/tests/web/endpoints/test_default.py
+++ b/app/tests/web/endpoints/test_default.py
@@ -1,7 +1,7 @@
 from unittest.mock import AsyncMock, MagicMock, patch
 from fastapi.testclient import TestClient
 import pytest
-from app.shared.config import VERSION
+from app.web.config import VERSION
 from app.tests.web.db.test_crud import test_data
 
 
diff --git a/app/tests/web/endpoints/test_interoperability.py b/app/tests/web/endpoints/test_interoperability.py
index 64629ae..c3f8cb5 100644
--- a/app/tests/web/endpoints/test_interoperability.py
+++ b/app/tests/web/endpoints/test_interoperability.py
@@ -2,7 +2,7 @@ from datetime import datetime
 import json
 from unittest.mock import MagicMock, patch
 
-from app.shared.config import ALLOW_ANY_EMAIL
+from app.web.config import ALLOW_ANY_EMAIL
 from app.web.db import crud
 
 
diff --git a/app/tests/web/test_security.py b/app/tests/web/test_security.py
index 3b45f2d..4a46823 100644
--- a/app/tests/web/test_security.py
+++ b/app/tests/web/test_security.py
@@ -4,7 +4,7 @@ from fastapi import HTTPException
 from fastapi.security import HTTPAuthorizationCredentials
 import pytest
 
-from app.shared.config import ALLOW_ANY_EMAIL
+from app.web.config import ALLOW_ANY_EMAIL
 
 
 def test_secure_compare():
diff --git a/app/shared/config.py b/app/web/config.py
similarity index 100%
rename from app/shared/config.py
rename to app/web/config.py
diff --git a/app/web/db/crud.py b/app/web/db/crud.py
index d1aa92e..c5ea771 100644
--- a/app/web/db/crud.py
+++ b/app/web/db/crud.py
@@ -6,7 +6,7 @@ from loguru import logger
 from datetime import datetime, timedelta
 from sqlalchemy.ext.asyncio import AsyncSession
 
-from app.shared.config import ALLOW_ANY_EMAIL
+from app.web.config import ALLOW_ANY_EMAIL
 from app.shared.db.database import get_db
 from app.shared.db import models
 from app.shared.settings import get_settings
diff --git a/app/web/endpoints/default.py b/app/web/endpoints/default.py
index 186b574..2535ae6 100644
--- a/app/web/endpoints/default.py
+++ b/app/web/endpoints/default.py
@@ -3,7 +3,7 @@ from typing import Dict
 from fastapi import APIRouter, Depends, Request, HTTPException
 from fastapi.responses import FileResponse, JSONResponse
 
-from app.shared.config import VERSION, BREAKING_CHANGES
+from app.web.config import VERSION, BREAKING_CHANGES
 from app.shared.log import log_error
 from app.web.db import crud
 from app.shared.schemas import ActiveUser, UsageResponse
diff --git a/app/web/endpoints/interoperability.py b/app/web/endpoints/interoperability.py
index 2c7660a..81c9a76 100644
--- a/app/web/endpoints/interoperability.py
+++ b/app/web/endpoints/interoperability.py
@@ -7,7 +7,7 @@ from auto_archiver import Metadata
 from sqlalchemy.orm import Session
 
 from app.shared.aa_utils import get_all_urls
-from app.shared.config import ALLOW_ANY_EMAIL
+from app.web.config import ALLOW_ANY_EMAIL
 from app.shared import business_logic, schemas
 from app.shared.db import worker_crud
 from app.shared.db.database import get_db_dependency
diff --git a/app/web/endpoints/url.py b/app/web/endpoints/url.py
index 7e3de02..98f905c 100644
--- a/app/web/endpoints/url.py
+++ b/app/web/endpoints/url.py
@@ -5,7 +5,7 @@ from datetime import datetime
 from loguru import logger
 from sqlalchemy.orm import Session
 
-from app.shared.config import ALLOW_ANY_EMAIL
+from app.web.config import ALLOW_ANY_EMAIL
 from app.shared import schemas
 from app.shared.task_messaging import get_celery
 from app.web.security import get_token_or_user_auth, get_user_state
diff --git a/app/web/main.py b/app/web/main.py
index aabb4f4..2c7c9ee 100644
--- a/app/web/main.py
+++ b/app/web/main.py
@@ -17,7 +17,7 @@ from app.shared.task_messaging import get_celery
 
 from app.web.db import crud
 from app.web.security import get_user_auth, token_api_key_auth, get_token_or_user_auth
-from app.shared.config import VERSION, API_DESCRIPTION
+from app.web.config import VERSION, API_DESCRIPTION
 from app.shared.db.database import get_db_dependency
 from app.web.events import lifespan
 from app.shared.settings import get_settings
diff --git a/app/web/security.py b/app/web/security.py
index 87bfe99..4e5214f 100644
--- a/app/web/security.py
+++ b/app/web/security.py
@@ -3,7 +3,7 @@ import requests, secrets
 from fastapi import HTTPException, status, Depends
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 
-from app.shared.config import ALLOW_ANY_EMAIL
+from app.web.config import ALLOW_ANY_EMAIL
 from app.shared.settings import get_settings
 from app.shared.db.database import get_db
 from app.web.db.user_state import UserState