What is an IP allowed list?
An Internet Protocol (IP) address is an identifier (ID) for a computer. Every computer on the internet has an IP address, which is used to identify it and allow it to communicate with other computers. A computer’s IP address changes depending on where it is located. For instance, if your computer is in your home, it will have a different address from your computer in the office. This is because your computer at home is using a different network from your computer in the office.
An IP allowed list is a way to filter which computers can interact with your computer, by listing the IP addresses of approved computers.
If you have a hosted Shotgun site, and you are on the Super Awesome support tier, you can contact our support team to enable IP listing on your site. Once enabled, you can list the IP addresses you want to give access to your site, which will configure Shotgun to only respond to requests from computers that are on your list. As an example, you may want to limit access to your Shotgun site to only people inside your office.
IP listing is part of a set of security tools, which combined together help secure access to your data. See the Security section of our Help Center to find more information about how to make your Shotgun site more secure. We recommend that you take additional steps to secure your site, as an IP allowed list is but one tool in the security arsenal. Other options include requiring a username and strong password and two-factor authentication. As an example, a malicious and knowledgeable third party could impersonate an allowed IP address, but if they do not have login information or are unable to get through the two-factor authentication, they will not be able to do any damage to your site.
Is my site eligible for IP allowed lists?
IP allowed listing is a feature that is available to clients who are on the Super Awesome support tier.
Note: If you are based in China, enabling IP allowed lists will require a backend configuration change that can negatively impact site performance. IP allowed lists are currently incompatible with High-speed Data Transmission (HDT) technology, which we use to accelerate site performance in China.
How can I set it up?
Contact our support team to enable this feature on your site.
Once enabled, under the Security section of Site Preferences, you can enter a list of IP addresses (or ranges of IPs) to control access to your Shotgun site. By default, any address not included in the list will be denied access. Enter each IP address on a new line.
You can also choose to restrict media on a per-project basis. Once you select this option, you can add a list of IP addresses to the “Media Unrestricted IP Ranges” field on the project entity to prevent those outside of the specified ranges from accessing media on that project.
Some examples of a standard IP might look like:
Whereas some examples of a range of IPs might look like:
You can calculate an IP range using either of these online calculator tools:
Once our support team has amended the list of allowed IPs, you will receive a confirmation email.
Note: For more information on Shotgun-specific IPs, see our FQDNs and IPs.
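The following is an added example, not Shotgun's own code: a pre-check for a list written as described above (one entry per line, single addresses or ranges, no hostnames, anything unlisted denied). CIDR notation for ranges is an assumption, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed sample list: one entry per line, as the preference field expects.
SAMPLE_LIST = """\
203.0.113.10
198.51.100.0/24
office.example.com
192.0.2.17/24
"""

def parse_allowed_list(text):
    """Return (networks, rejected) for a newline-separated allowed list."""
    networks, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue  # ignore blank lines
        try:
            # strict=True rejects ranges with host bits set (192.0.2.17/24),
            # which would otherwise silently widen to the whole /24.
            # Hostnames also fail here, since only addresses are supported.
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError as exc:
            rejected.append((lineno, entry, str(exc)))
    return networks, rejected

def is_allowed(client_ip, networks):
    """Default deny: True only if client_ip is inside a listed network."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # unparseable source address is never allowed
    return any(addr.version == net.version and addr in net for net in networks)

if __name__ == "__main__":
    nets, bad = parse_allowed_list(SAMPLE_LIST)
    for lineno, entry, reason in bad:
        print(f"line {lineno}: rejected {entry!r}: {reason}")
    for ip in ("203.0.113.10", "198.51.100.200", "203.0.113.11"):
        print(ip, "allowed" if is_allowed(ip, nets) else "denied")
```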
Using allowed IP lists with two-factor authentication (2FA)
An IP allowed list can be used in conjunction with our two-factor authentication tools. When used together, the allowed IP list governs whether someone can log into a site at all (based on whether the user's IP address is on the list), and two-factor authentication only affects the login itself.
So, if both the IP allowed list and two-factor authentication features are switched on, a user can log into a site only from an IP address that is on the list. Then, when logging in, two-factor authentication is required.
IP allowed lists for Webhooks
In the case of Webhooks, Shotgun sends HTTPS requests to an external server owned and managed by clients. When setting up your external server, you may want to restrict which IP addresses it will accept requests from (e.g. limit to requests coming from Shotgun).
All traffic coming from Shotgun will use one of the following IPs:
Does the allowed IP list support hostnames?
No, it does not support hostnames.
Can I turn on an allowed list for certain users, and not others?
No, if you turn on your allowed list it will affect all users.