Instance level IP address filtering
Summary
Currently we do not provide a method for instance level IP restriction. We have many features surrounding IP restriction but none that broach the topic of instance level controls. Currently there are these features:
Each of these features allow for some of the desired functionality but are either limited in scope to groups or do not provide the appropriate controls desired.
- The Group Level IP restrictions are as stated restricted to groups.
- The control globally allowed IP ranges is a feature to be used in conjunction with groups level ip restrictions to whitelist access at the instance level. After testing this does not introduce a "deny any any" type restriction but simply guarantees access to IP's specified regardless of group level restrictions.
- The IP restrictions (despite the name) do not allow the feature desired but ensure they are not using multiple IP addresses maliciously.
Proposal
Introduce a setting in the Admin panel possibly under Network
to allow admins to restrict access to the instance on an IP block or individual IP basis similar to the Group Level IP restrictions
feature that is already in place.