Endpoints support IP filtering. This lets you restrict access to Apps hosted on Aptible to a set of whitelisted IP addresses or networks and block other incoming traffic.

The maximum amount of IP sources (aka IPv4 addresses and CIDRs) per Endpoint available for IP filtering is 50. IPv6 is not currently supported.

Use Cases

While IP filtering is no substitute for strong authentication, it is useful to:

  • Further lock down access to sensitive apps and interfaces, such as admin dashboards or third-party apps you’re hosting on Aptible for internal use only (For example: Kibana, Sentry).
  • Restrict access to your Apps and APIs to a set of trusted customers or data partners.

If you’re hosting development Apps on Aptible, IP filtering can also help you make sure no one outside your company can view your latest and greatest before you’re ready to release it to the world.

Note that IP filtering only applies to Endpoints, not to aptible ssh, aptible logs, and other backend access functionality provided by the Aptible CLI (this access is covered by strong mutual authentication, see our Q1 2017 Webinar for more detail).

Enabling IP Filtering

IP filtering is configured via the Aptible Dashboard on a per-Endpoint basis:

  • Edit an existing Endpoint or Add a new Endpoint
  • Under the IP Filtering section, click to enable IP filtering.
  • Add the list of IPs in the input area that appears
  • Add more sources (IPv4 addresses and CIDRs) by separating them with spaces or newlines
  • You must allow traffic from at least one source to enable IP filtering.