Skip to main content

IP Blocking

Control which IP addresses can access the SecTrail MFA management panel. Only listed IP addresses can access the admin panel. If no rules are defined, all IPs can access the management panel.

Critical Warning

Be extremely careful when adding IP restrictions. If you block your current IP address, you will lose access to the management panel. Always ensure at least one of your IP addresses is on the allowed list.

IP Address Formats

SecTrail MFA supports two different IP formats:

1. Single IP Address

Allow a specific IP address.

Example:

192.168.1.100
10.0.0.50
203.0.113.45

Use Case:

  • Administrator's static office IP
  • Specific management server
  • Single trusted location

2. IP Range (CIDR Notation)

Allow an IP range using CIDR notation.

Example:

192.168.1.0/24    → 192.168.1.0 - 192.168.1.255 (256 IPs)
10.0.0.0/16       → 10.0.0.0 - 10.0.255.255 (65,536 IPs)
172.16.0.0/12     → 172.16.0.0 - 172.31.255.255 (1,048,576 IPs)

CIDR Calculation Table:

CIDRSubnet MaskAvailable IP CountExample Range
/32255.255.255.2551 IP192.168.1.100
/24255.255.255.0256 IPs192.168.1.0 - 192.168.1.255
/16255.255.0.065,536 IPs192.168.0.0 - 192.168.255.255
/8255.0.0.016,777,216 IPs10.0.0.0 - 10.255.255.255

How It Works

Allowed IP List Logic:

Authentication Request (Admin Panel Login)

IP Address Check

┌─────────────────────────────────────────┐
│ IS IP IN THE IP LIST?                   │
├─────────────────────────────────────────┤
│                                         │
│ YES → ✅ ALLOW ACCESS                   │
│                                         │
│ NO → ❌ BLOCK ACCESS                    │
│         "IP Address Unauthorized" Error │
│                                         │
└─────────────────────────────────────────┘

Important Points:

  1. Whitelist Approach: Only IPs in the list can access
  2. Empty List = Everyone Can Access: If no IPs are added, there are no restrictions
  3. First Match: The first matching rule applies
  4. Admin Panel Specific: This restriction applies only to the management panel, it does not affect end-user authentications

Secure IP Restriction Setup

Step 1: First, add your own IP
Step 2: Test (verify access from the same IP)
Step 3: Test access from a different IP (should be blocked)
Step 4: Add other administrator IPs
Step 5: Test after each addition