IP Address Whitelists
About IP Address Whitelists
- An IP address whitelist includes an IP address segment and several access control settings. The whitelist restricts users' access, upload, and download permissions to enhance repository security.
- The IP address whitelist can be configured only for repositories whose visibility is Private. Repositories whose visibility is Public or Public template are not supported.
IP Address Whitelist Formats
IPv4 and IPv6 are supported. The following table lists the three formats of IP address whitelists.
Format |
Description |
|---|---|
Specified IP Address |
This is the simplest IP address whitelist format. You can add the IP address of your PC to the whitelist, for example, 100.*.*.123. |
IP address segment |
If you have multiple servers and their IP addresses are consecutive or the IP address of your server dynamically changes in a network segment, you can add the IP address segment, for example, 100.*.*.0 to 100.*.*.255. |
CIDR block |
|
Configuring IP Address Whitelists
IP address whitelists can be created in the following levels:
If the Private repository for which the IP address whitelist has been configured is switched to a Public repository, you can upload and download code on the CodeArts Repo page or Git client.
IP Address whitelists. The whitelists are set for all cloud services. IP addresses that are not in the whitelist are blocked upon login. For details, see Access Control
- IP address whitelist for repository. It allows access only from IP addresses in the whitelist to a specific repository. To set the whitelist, choose (IPv4 and IPv6 addresses are supported. For details, see IP Address Whitelist Formats).
Allowed to access the repository: Only whitelisted IP addresses and the repository creator can access the repository.
Allowed to download code : Only whitelisted IP addresses can download code online and clone code locally.
Allowed to commit code: Only whitelisted IP addresses can modify and upload code online, or commit code locally. Code-based build project orchestration and YAML file synchronization are not affected.
- Commit code: Create, edit, delete, upload and rename files, create and delete directories, submodules, branches, and tags, resolve code conflicts, create and merge MRs, cherry-pick, revert, use LFS storage, and rebase.
- Download code: Download a single file and branches, tags, repositories and backup repositories.
- Local download: Download code through SSH and HTTPS, and clone repository through deploying keys.
- Local commit: Commit code through SSH and HTTPS.
- Repository synchronization is not affected by the IP address whitelist.
- Tenant-level IP address whitelist: To set IP address whitelists for repositories of all accounts from a tenant, log in to the CodeArts Repo repository list page, click the alias in the upper right corner, and choose All Account Settings > Repo > Whitelists for All Accounts, as shown in the following figure. The configuration rules are the same as those of repository-level IP address whitelists.
Only tenant accounts have permissions to configure Whitelist for All Accounts. Click
next to Add Address and select Prioritize this List. For details about the logic of cloning the Git client or downloading the repository source code on the UI, see the following table.Account-level Whitelist Prioritized (Prioritize This List)
Configure Tenant-level Whitelist
Configure Repository-Level Whitelist
Priority
Enabled
×
×
All IP addresses are allowed.
×
√
The repository-level whitelist prevails.
√
×
The tenant-level whitelist prevails.
√
√
The intersection of the tenant-level whitelist and repository-level whitelist prevails.
Disabled
×
×
All IP addresses can pass.
×
√
The repository-level whitelist prevails.
√
×
The tenant-level whitelist prevails.
√
√
The repository-level whitelist prevails.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
