IP Address Restriction Settings of Published Apps
- Access restrictions can be applied to the apps developed with exaBase Studio.
- Restrictions use IP whitelisting; IPv4 addresses and CIDR notation are supported.
Scope of IP Address Specification and Inheritance Relationship
- Circuit IP address restrictions can be set at the organizational level as well as within the project. Scope and inheritance relationships need to be considered to ensure proper IP address configuration.
Depending on your contract details and plan, IP restrictions may already be applied to your cluster. Please check your contract information for more details.
Correlation Between Organization Circuit IP Address Restrictions and Endpoint IP Address Restrictions
- Organization administrators configure IP address restrictions at the organization level. Within the boundaries they set, developers whitelist IP addresses for endpoints to make them accessible.
- Final endpoint IP settings are determined by considering both the IP address restrictions at the organizational level and the IP addresses allowed at the endpoint level. Only IP addresses permitted on both levels will have access.
Inheritance within Projects
- Settings can be applied for each endpoint. Settings can also be configured in bulk at the Project and Workspace levels.
- The IP address settings have a parent-child relationship: Project -> Workspace, Workspace -> Endpoint. By default, the parent's settings are inherited by the child, meaning Project settings are inherited by endpoints.
- Individual settings can be made for Workspaces and Endpoints that do not inherit from the parent’s settings.
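The two rules above (inheritance within a project, then intersection with the organization's restrictions) can be modelled as follows. This is an added example, not exaBase Studio code: the function names, the use of `None` for "inherit from parent", the reading of "exceeds" as "not contained in the organization ranges", and the sample addresses are all assumptions made for illustration.

```python
from ipaddress import IPv4Network, collapse_addresses

ALLOW_ALL = IPv4Network("0.0.0.0/0")

def parse(entries):
    """Parse IPv4 addresses or CIDR strings; a bare address becomes a /32."""
    return [IPv4Network(e, strict=False) for e in entries]

def resolve(project, workspace=None, endpoint=None):
    """Project -> Workspace -> Endpoint: None means "inherit from parent"."""
    for own in (endpoint, workspace):
        if own is not None:
            return parse(own)
    return parse(project)

def effective(org, node):
    """Ranges permitted on both the organization level and the node level."""
    hits = []
    for o in org:
        for n in node:
            # Two CIDR blocks either nest or are disjoint, so the
            # intersection is simply the smaller block when they nest.
            if n.subnet_of(o):
                hits.append(n)
            elif o.subnet_of(n):
                hits.append(o)
    return [str(net) for net in collapse_addresses(hits)]

def exceeds_org(org, node):
    """Node entries reaching outside the organization ranges (allow-all excluded)."""
    merged = list(collapse_addresses(org))
    return [str(n) for n in node
            if n != ALLOW_ALL and not any(n.subnet_of(o) for o in merged)]

# Constructed sample settings (documentation address ranges).
ORG = parse(["203.0.113.0/24", "198.51.100.0/25"])
PROJECT = ["203.0.113.0/24"]
ENDPOINTS = {
    "inherits": None,
    "own-list": ["203.0.113.10", "192.0.2.0/24"],
    "allow-all": ["0.0.0.0/0"],
}

if __name__ == "__main__":
    for name, own in ENDPOINTS.items():
        node = resolve(PROJECT, endpoint=own)
        print(name, effective(ORG, node), exceeds_org(ORG, node))
```

An empty result from `effective` means no address passes both levels, and a non-empty result from `exceeds_org` lists the entries that the organization's restrictions will not honour.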
How to Configure
- In any settings screen, you can create an item to set addresses from +. Multiple addresses can be added.
- Addresses can be specified in IPv4 format, and CIDR notation is supported.
Project
- Settings can be configured from the Allowed IP Addresses menu displayed in the panel on the right side of the screen when no nodes are selected.
- You can configure "Allow All" settings from the ︙ menu. If this item is checked, 0.0.0.0/0 will be applied, granting access based on the IP address restrictions configured at the organizational level.
- The actual permitted IP addresses, taking into account IP address restrictions set for the organization, can be checked in the BluePrint panel.
Workspace and Endpoint
- Settings for Workspaces and Endpoints can be made from the panel displayed on the right side of the screen when a node is selected.
- You can configure "Allow all" and "Inherit from parent" settings from the ︙ menu.
- Settings inherited from the parent are displayed in gray, while those set for each node are displayed in black and the IP address restrictions configured at the organizational level are displayed underneath. An icon indicating the target of the setting will be displayed to the left of the IP address. When hovering over the inherited IP address, a button to jump to the source node will be displayed to the right of the IP address.
Warning Messages Concerning Endpoint IP Address Settings
Depending on the IP address settings, a warning message may be displayed. Review your configurations and make corrections as needed.
No IP Address Set
- If the IP address settings applied to an Endpoint, Project or Workspace result in the Endpoint having no allowed IP addresses set, a warning message will be displayed in the Problems tab.
Exceeding Organization IP Restriction Settings
- If the IP address settings applied to Project, Workspace or Endpoint exceed the organization's IP restriction range, a warning message will be displayed in the Issues tab.
If set to allow all or 0.0.0.0/0, access will be granted according to the organization’s IP address restriction settings.
All IP Addresses Allowed
- Because of the security risks, a warning message is displayed if an endpoint is accessible from anywhere on the internet.
- If the IP address settings applied to an Endpoint, Project, or Workspace result in the Endpoint being accessible from anywhere on the internet, a warning message will be displayed in the Problems tab.
- If you attempt to deploy while one or more Endpoints have their allowed IP address set to Allow all or 0.0.0.0/0, a warning message will be displayed in the deployment modal.