Artifakt allows you to restrict your private or development environments by IP filtering or by password protection.
IP Address Groups
To apply restrictions to environments, you must first create IP address groups from Project → Settings → Security. This allows you to quickly target a logical set of IP addresses when configuring your environments, for example, the IP addresses of your office or those of your employees' homes when they work remotely.
Creating an IP address group
Please note that:
IP address groups can be reused in multiple environments.
IP addresses can use the CIDR format to authorized IP ranges (e.g. 0.0.0.0/32) but it should start at the first address of the CIDR block you want to use (e.g. 188.8.131.52/28 --> 184.108.40.206/28)
Creating the groups does not automatically update the environments for security reasons. After creating a group on the project level, you will have to manually add it to the restriction lists on your environment as seen below.
For added security, you have the ability to open or closeaccess to your environments to specific IP addresses. To apply these restrictions, go to Environment → Settings → Security.
Deny and Allow lists
By default, the maximum number of IP addresses allowed for restriction is 50. If you need more, please contact our Support team.
Filtering Accesses using Allow Lists
The allow list lets you filter access to the servers powering your environment. Only the IP addresses of the selected groups will be allowed to access the environment. All other IP addresses will be blocked and won't be able to access the environment.
The allow list can be applied both to the frontend of your application (HTTPS requests generated by your visitors) and to SSH access to the servers.
Please note that:
IP restrictions could take couple seconds to be applied on your environment.
Be sure your IPv4 and IPv6 are both present in the allow list to get access to the environment.
Filtering Accesses using Deny Lists
The deny list lets you to do the opposite of the allow list. The IP addresses of the selected groups won't be allowed to access the servers. All other IP addresses will be allowed.
For security reasons, it is not possible to enable the deny list for SSH access to the servers. Indeed, to protect this access effectively, it is preferable to use only allow lists.
Filtering Accesses on APEX domains
Due to the nature of the rules on IP filtering, filtering the traffic on APEX domains overrides the configuration of other subdomains.
Rule 1: On a staging environment, allow access on staging.acme.com to the IP 220.127.116.11
Rule 2: On the production environment, deny access on acme.com to the IP 18.104.22.168
Resulting policy: Deny access to IP 22.214.171.124 on all domains containing acme.com, including staging.acme.com
It is also possible to protect access to your environment by using a password. To enable this feature, go to Environment → Settings → Security, click on Add Password Restriction then fill the form with a login, password and the path you want to restrict.
Adding a password restriction
Note that you can restrict access to all or part of the environment. Simply enter the path you want to protect when creating access (use /* to protect all the pages of your application).
If you wish to restrict access to several distinct parts of the environment, you must add several password restrictions. Simply repeat the process described above.