IP Allowed Lists
What is an IP allowed list?
An Internet Protocol (IP) address is an identifier (ID) for a computer. Every computer on the internet has an IP address, which is used to identify it and allow it to communicate with other computers. A computer’s IP address changes depending on where it is located. For instance, if your computer is in your home, it will have a different address from your computer in the office. This is because your computer at home is using a different network from your computer in the office.
An IP allowed list is a way to filter which computers can interact with your computer, by listing the IP addresses of approved computers.
Once enabled, you can list the IP addresses you want to give access to your site, which will configure Flow Production Tracking to only respond to requests from computers that are on your list. As an example, you may want to limit access to your Flow Production Tracking site to only people inside your office.
IP listing is part of a set of security tools, which combined together help secure access to your data. See the Security section of our Help Center to find more information about how to make your Flow Production Tracking site more secure. We recommend that you take additional steps to secure your site, as an IP allowed list is but one tool in the security arsenal. Other options include requiring a username and strong password and two-factor authentication. As an example, a malicious and knowledgeable third party could impersonate an allowed IP address, but if they do not have login information or are unable to get through the two-factor authentication, they will not be able to do any damage to your site.
Is my site eligible for IP allowed lists?
Yes, all sites are eligible for IP allowed lists.
If you are based in China, enabling IP allowed lists will require a backend configuration change that can negatively impact site performance. IP allowed lists are currently incompatible with High-speed Data Transmission (HDT) technology, which we use to accelerate site performance in China.
How can I set it up?
First you can enable under the Security section of Site Preferences.
Then, enter a list of IP addresses (or range of IPs) that is typically used to control your Flow Production Tracking site. By default any addresses not included in the list will be denied access. Enter each IP address on a new line.
You can also choose to restrict media on a per project basis. Once you select this option, you can add a list of IP addresses to the “Media Unrestricted IP Ranges” field on the project entity to prevent those outside of the specified ranges from accessing media on that project.
Some examples of a standard IP might look like:
- 127.0.0.0
- 255.255.255.255
Whereas some examples of a range of IPs might look like:
- 127.0.0.0/24
- 255.255.255.0/24
You can calculate an IP range using either of these online calculator tools:
For more information on Flow Production Tracking-specific IPs, see our FQDNs and IPs.
Network restriction measures for Webhooks
Restricting access to your Webhooks delivery end-points is not handled by the IP allowed list Site Preference described in this topic. For Webhooks, Flow Production Tracking sends HTTPS requests to an external server owned and managed by clients. Learn more about network restriction measures for Webhooks here.
FAQ
Does the allowed IP list support hostnames?
No, it does not support hostnames.
Can I turn on an allowed list for certain users, and not others?
No, if you turn on your allowed list it will affect all users.