<!--IssueSummary start--> <details> <summary> Everyone can contribute. [Help move this issue forward](https://handbook.gitlab.com/handbook/marketing/developer-relations/contributor-success/community-contributors-workflows/#contributor-links) while earning points, leveling up and collecting rewards. </summary> - [Close this issue](https://contributors.gitlab.com/manage-issue?action=close&projectId=278964&issueIid=593662) </details> <!--IssueSummary end--> ## Problem to solve When using the [group IP allowlist feature](https://docs.gitlab.com/user/group/access_and_permissions/#restrict-group-access-by-ip-address), there is no way to temporarily disable IP restrictions without manually removing all IP addresses from the list. For groups with large allowlists, this is not feasible — removing and re-adding many IP addresses is error-prone and time-consuming. A common use case is needing to temporarily disable IP restrictions for testing or troubleshooting purposes, then re-enable them afterward. ## Proposal Add an **enable/disable toggle** (e.g. a checkbox or switch) to the group IP allowlist settings that allows group owners to suspend enforcement of the IP restriction without clearing the list of IP addresses. The IP addresses would be retained in the settings and enforcement would resume immediately when the toggle is switched back on. This is similar to how other security features in GitLab work — the configuration is preserved independently of whether the feature is active. ## Intended users Group owners and administrators who: - Need to temporarily disable IP restrictions for testing or debugging - Manage large IP allowlists that are impractical to remove and re-add manually ## Further details Currently, the only workaround is to use the Group API to save and restore the `ip_restriction_ranges` field programmatically: ```bash # Save current list CURRENT=$(curl --header "PRIVATE-TOKEN: <token>" "https://gitlab.com/api/v4/groups/<group_id>" | jq -r '.ip_restriction_ranges') # Disable (clear the list) curl --request PUT --header "PRIVATE-TOKEN: <token>" \ "https://gitlab.com/api/v4/groups/<group_id>" \ --data "ip_restriction_ranges=" # Re-enable (restore the list) curl --request PUT --header "PRIVATE-TOKEN: <token>" \ "https://gitlab.com/api/v4/groups/<group_id>" \ --data "ip_restriction_ranges=$CURRENT" ``` This is a fragile workaround and not suitable for all users. ## What does success look like? A group owner can toggle IP restriction enforcement on and off from the group settings UI (and via API) without losing the configured list of IP addresses.