IP Allowlist Settings
An IP allowlist panel with an enforcement switch, a list of CIDR ranges with owners and last match times, and an add range form.
An IP allowlist panel with an enforcement switch, a list of CIDR ranges with owners and last match times, and an add range form.
The source for every Application block is included with Basic and Pro. Pick a plan to copy the code.
Already purchased? Log in
IP Allowlist Settings restricts workspace access to a set of trusted networks. The panel opens with an Enforce allowlist switch whose description spells out the full consequence: sign ins and API requests from outside the ranges are refused with a 403, existing sessions included on their next request, and mobile apps on cellular networks are blocked unless members route through the VPN. A ruled list of CIDR ranges follows (Berlin office, Austin office, Production VPN, CI runners), each showing its label, the monospace range, who added it and when, and when it last matched. The range you are connecting from carries a Your connection badge. An add range form and a lockout guard note close the panel.
Ranges are one const array keyed by CIDR, with an isCurrent flag that drives the badge. The lockout guard copy is the safeguard that keeps an admin from saving an allowlist that excludes the address they are on right now.
Reach for this block on the workspace security settings page, visible to owners and admins, wired to your network policy API. Keep the lockout guard active so a mistyped range cannot lock the whole team out.
A natural flow around it on an Application Pro page:
Before
After
One strong use is the workspace network allowlist. Other access control surfaces:
Tip: state the lockout guard in plain copy next to the switch; an admin who locks themselves out will open a ticket the guard could have prevented.