Skip to main content

IP Whitelisting

Files.com offers an IP Whitelisting feature which can be used by organizations who want to require that only specific IP addresses are allowed to access their site. For example, you could implement this feature so that connectivity to your site is only allowed from your corporate network, limiting access to employees who are either physically at your corporate office or connected to your corporate office via VPN. Employees who are remote, external, or mobile would not be able to connect.

Restricting access by IP address can be done on a site-wide basis, group level as well as for individual users.

Implementing this feature will block access to your site from every IP address that is not included in the whitelist.

This is an optional feature that we provide to allow compliance with your company security posture; it is not a required nor recommended configuration.

Warning

While IP whitelisting may seem like a straightforward way to control access, it introduces significant challenges that often outweigh any perceived benefits. This feature is designed to restrict access, not grant it. It should only be implemented when explicitly required by your security office or by compliance regulations.

Implementing an IP whitelist without fully understanding the implications can lead to unnecessary access issues and increased support overhead. Business processes that rely on external connectivity with vendors, suppliers, partners, or customers will be impacted if any of these external parties changes premises, updates their network, or changes their internet service provider.

IP whitelisting is a frequent source of connectivity failures. Many organizations have dynamic or cloud-based IPs that change periodically, rendering a previously approved IP obsolete without notice. This results in unexpected disruptions and frustrated users who may suddenly find themselves unable to connect. Additionally, mobile users, remote employees, and third-party vendors often access services from multiple locations, making it impractical to maintain an accurate and functional whitelist.

From a security perspective, IP whitelisting is an outdated practice. Modern security models emphasize identity-based authentication, encryption, and network-level controls that provide far more robust protection without the operational headaches. Over-reliance on whitelisting can create a false sense of security while simultaneously complicating legitimate access.

If your site does not already have an IP whitelist in place, adding one will not resolve connectivity issues. Updating the whitelist only has an impact if access has already been restricted.

Before enabling IP whitelisting, carefully evaluate whether it is truly necessary. In most cases, other security mechanisms provide better protection with far fewer operational challenges.

Enabling IP Whitelisting For All Users

To add IP addresses to the site-wide IP whitelist, type "IP Whitelist/Blacklist" in the search box at the top of every page and then click on the matching result. Each whitelisted IP address should be entered on a separate line. You may specify a range in CIDR format, such as 192.168.1.0/27.

Adding one or more IP addresses to the site-wide whitelist will force all users to access the site from one of these IP addresses, unless they have a user-specific whitelisted IP address or have the Bypass site IP whitelist setting enabled, as described below.

IP Whitelisting and User Restrictions

To add IP addresses to an individual user's IP whitelist, edit the desired user, then locate their IP Whitelist setting.

When a user has entries in their IP Whitelist, and there is no site-wide IP whitelist, they must access the site from one of the addresses on their own list.

When a user has entries in their IP Whitelist, and you are also restricting IP addresses via the site-wide or group level IP whitelist, and the user setting Bypass site IP whitelist is not enabled, users with addresses that exist in either list (site-wide or user or group) will be allowed to log in.

You may restrict a user to only access the site via one of the addresses on their individual IP whitelist (and not the site-wide IP whitelist) by selecting Bypass site IP whitelist located immediately below the individual user's IP whitelist.

Disabling IP Whitelisting

To disable IP Whitelisting, clear out all content for the site-wide and per-user IP whitelists using the same steps as above.

Interaction With Other Restrictions

If you maintain a list of Allowed countries or Disallowed countries, the IP Whitelist and country restrictions are combined such that a given connection must satisfy all restrictions in order to be allowed. For example, IP addresses that are associated with countries in your list of Disallowed countries will not be allowed to connect, even if they would be allowed because of your IP whitelists.

Public Hosting

Folders that are configured with the Public Hosting (Web Hosting) setting are not affected by IP Whitelisting. These public folders will be accessible from any location and any IP address.

Logging

In general, Files.com platform logs all logins attempted by any users or systems. If there are any attempts to login from a country or IP address which is not allowed by the Administrator, Files.com platform rejects the authentication and corresponding login attempt will be logged under User history.

IPv6

Files.com does not support IPv6 addresses for any part of its platform, including for IP Whitelisting.

Get Instant Access to Files.com

The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.