What is IP whitelisting?
An Internet Protocol (IP) address is an identifier (ID) for a computer. Every computer on the internet has an IP address, which is used to identify it and allow it to communicate with other computers. A computer’s IP address changes depending on where it is located. For instance, if your computer is in your home, it will have a different address from your computer in the office. This is because your computer at home is using a different network from your computer in the office.
IP Whitelisting is a way to filter which computers can interact with your computer, by listing the IP addresses of approved computers.
If you have a hosted Shotgun site, and you are on the Super Awesome support tier, you can contact our support team to enable IP whitelisting on your site. Once enabled, you can list the IP addresses you want to give access to your site, which will configure Shotgun to only respond to requests from computers that are on your list. As an example, you may want to limit access to your Shotgun site to only people inside your office.
IP whitelisting is part of a set of security tools, which combined together help secure access to your data. See the Security section of our Help Center to find more information about how to make your Shotgun site more secure. . We recommend that you take additional steps to secure your site, as IP Whitelisting is but one tool in the security arsenal. Other options include requiring a username and strong password and two-factor authentication. As an example, a malicious and knowledgeable third party could impersonate a whitelisted IP address, but if they do not have login information or are unable to get through the two-factor authentication, they will not be able to do any damage to your site.
Is my site eligible for IP whitelisting?
IP whitelisting is a feature that is available to clients who are on the Super Awesome support tier.
How can I set it up?
Contact our support team to enable IP whitelisting on your site.
Once enabled, under the Security section of Site Preferences, you can enter a list of IP addresses (or range of IPs) that is typically used to control your Shotgun site. By default any addresses not included in the list will be denied access. Enter each IP address on a new line.
You can also choose to restrict media on a per project basis. Once you select this option, you can add a list of IP addresses to the “Media Unrestricted IP Ranges” field on the project entity to prevent those outside of the specified ranges from accessing media on that project.
Some examples of a standard IP might look like:
Whereas some examples of a range of IPs might look like:
You can calculate an IP range using either of these online calculator tools:
Once our support team has amended the whitelist, you will receive a confirmation email.
Note: For more information on Shotgun-specific IPs, see our FQDNs and IPs.
Using IP whitelisting with two-factor authentication (2FA)
IP whitelisting can be used in conjunction with our two-factor authentication tools. When used together, IP whitelisting governs whether someone can log into a site at all (based on if the user is in or out of the whitelist), and two-factor authentication only affects the login itself.
So, if both IP whitelisting and two-factor authentication are switched on, a user could only log into a site if he or she is in the whitelist. Then, when logging in, two-factor authentication would be required.
Does IP whitelisting support hostnames?
No, IP whitelisting does not support hostnames.
Can I turn on whitelisting for certain users, and not others?
No, if you turn on whitelisting it will affect all users.