IP Content Restrictions

How IP Restrictions Work

IP restrictions use a top-down approach when evaluating configured IP ranges. This means that pages higher up in the intranet heirarchy that contain IP content restrictions will override pages lower down in the heirarchy.



A page on the intranet, /content/123, has an IP content restriction. Another page, /content/456, which is a child of /content/123, also has an IP content restriction. In this case, the IP content restriction rules for /content/123, which is higher up in the heirarchy, will supercede the rules configured for /content/456, even if the /content/456's rules contradict /content/123's.

So, in the image above, even though /content/456 allows IP addresses between -, access to that page will be denied due to the fact that the parent page, /content/123, defines a more restrictive rule than /content/456.

Enable IP Content Restrictions

The first step to configuring IP content restrictions is to enable it. To do this, navigate to the Administration panelAdvanced options section > Configuration settings page and set the ip.content.restrictions.enabled setting to true. This will add the additional administrative option IP content restrictions under the Users & Security section of the Administration panel.

Adding IP Content Restrictions

To add IP content restrictions to pages, navigate to the Administration panelUsers & Security section > IP content restrictions page. To add a new IP range, click the Add IP range button in the section you want - Administration pages or regular pages. When this button is clicked, a dialog appears allowing you to select the following settings for the page you want to restrict.
  • Page: The page you want to restrict. Note: you cannot restrict access to the top content page (dashboard or content/1), or the people directory.
  • Allowable IP ranges: One or more allowable IP ranges. This feature uses CIDR notation to specify IP ranges, similar to how firewalls configure IP ranges.
You can add one or more sets of ranges to restrict access from different IP ranges.