IP range allow listing
SFTP servers are protected. In order to be able to access them in order to view files or write new ones, you need to add the public IP address of the system or client that accesses the servers to the allow list.
Discover this feature in video using Campaign Classic or Campaign Standard
About the CIDR format
CIDR (Classless Inter-Domain Routing) is the supported format when adding IP ranges with the Control Panel interface.
The syntax consists of an IP address, followed by a ‘/’ character, and a decimal number. The format and its syntax are fully detailed in this article.
You can search on the internet for free online tools that will help you convert the IP range that you have in hand to CIDR format.
Best practices
Make sure you follow the recommendations and limitations below when adding IP addresses to the allow list in the Control Panel.
- Add IP ranges to the allow list rather than single IP addresses. To add a single IP address to the allow list, append a ‘/32’ to it to indicate that the range only includes a single IP.
- Do not add very wide ranges to the allow list, for example including > 265 IP addresses. The Control Panel will reject any CIDR-format ranges that are between /0 and /23.
- Only public IP addresses can be added to the allow list.
- Make sure to regularly delete IP addresses that you don’t need anymore from the allow list.
Adding IP addresses to the allow list
To add an IP range to the allow list, follow these steps:
-
Open the SFTP card, then select the IP Allow Listing tab.
-
The list of IP addresses on the allow list displays for each instance. Select the desired instance from the left-hand side list, then click the Add new IP range button.
-
Define the IP Range that you want to add to the allow list, in the CIDR format, then define the label that will display in the list.
NOTEThese special characters are allowed in the Label field:
. _ - : / ( ) # , @ [ ] + = & ; { } ! $
IMPORTANTAn IP range cannot overlap an existing range on the allow list. In that case, first delete the range that contains the overlapping IP.
It is possible to add a range on the allow list for multiple instances. To do this, press the down arrow key or type the first letters of the desired instance, then select it from the suggestions list.
-
Click the Save button. IP addition to the allow list will be displayed as PENDING until the request is fully processed. This should only take a few seconds.
To delete IP ranges from the allow list, select them then click the Delete IP range button.
It is currently not possible to edit a range on the allow list. To modify an IP range, delete it, then create a one corresponding to your needs.
Monitoring changes
The Job Logs in the Control Panel home page let you monitor all changes that have been made to IP addresses on the allow list.
For more on the Control Panel interface, refer to this section.
