Managing IP restrictions
On Jive Cloud Admin, you can set various IP restriction rules for the Jive site of your organization.
Jive Cloud Admin > IP Restrictions
General considerations
- A restart is not required.
- Restrictions take effect as soon as the task is complete. You can check the task status on the Recent Activities page. For more information, see Tracking recent activity.
- If the JCA task fails with a
Puppet failed while updating IP restrictionsmessage, contact Support. - IPv6 addresses for Hosted instances are not supported. IPv6 addresses can be added to Cloud instances only.
- If you want to set up another instance with similar rules, click Bulk Copy of Rules and then add the rules to the other instance.
Whitelisting and blacklisting
IP restrictions can be used to either allow only certain IP addresses access to your site (whitelisting) or to block access for only specific IP addresses (blacklisting).
- Whitelisting: Adding IP addresses to a whitelist means allowing access for only the whitelisted IP addresses and blocking all other IPs.
- Blacklisting: Adding IP addresses to a blacklist means blocking access for the blacklisted IP addresses and allowing all other IPs.
Whitelisting is a useful tool for allowing only a specific subset of known people to use your Jive instance. This is most often used for companies that are using Jive internally and only want their employees to access the site while they are on the company network. Blacklisting may be useful when you need to block certain groups of people from accessing your site. For example, you may use this to block spammers and bots.
People who are not allowed to access your site, either because they are on your blacklist or are not in the whitelist, are unable to load your site and see a Forbidden error message.
CIDR Notation — IP Restriction format
You must use CIDR notation when inputting your IP addresses when configuring an IP restriction rule.
The CIDR notation, or Classless Inter-Domain Routing, is a compact way of representing one or many unique IP addresses by using the first address of a network and the number of significant bits in its associated subnet mask. Additions to your installation's whitelist must be in IPv4 format.
IPv4 address ranges can use a maximum of 32 significant bits. For example, a single address can be represented as 192.168.100.0/32, while 192.168.100.0/23 represents the block of IPv4 addresses from 192.168.100.0 to 192.168.101.255.
Setting up IP restrictions
IP restrictions can be set up for the Jive site or the Admin Console.
Jive Cloud Admin > IP Restrictions
To set up IP restrictions:
-
Log into Jive Cloud Admin.
-
If you have more than one site, select the installation you want to update from the Choose an Installation menu.
-
Click IP Restrictions.
-
Under Global IP Restrictions settings, select the Enable JCX Management of restrictions check box, and then select Traffic with the client IP saved in the True-Client-IP header. This allows Support to access and update the restrictions if required.
-
To set restrictions for the entire site, under IP restrictions for: /, do the following:
- Select the Enable Whitelist or Enable Blacklist accordingly.
- Under Rule Type, select Whitelist these entries, deny all others if you want to allow access or select Blacklist these entries, allow all others if you want to prohibit access for the IPs in the list.
- Configure a whitelist or blacklist as follows:
- To add a single IP address, click Add entry and then enter an IP in CIDR format.
- To add multiple IPs, copy the IP list into the Bulk entry of restrictions box, ensuring each CIDR notation entry is on a new line in a plain text file.
- To remove a single entry, click Remove next to the IP you want to remove.
- To clear the list, click Remove all entries.
-
If you do not need restrictions for the Jive site, clear the Enable these IP restrictions check box.
-
To set restrictions for accessing the Admin Console, under IP restrictions for: /admin, do the following:
- Select the Enable Whitelist or Enable Blacklist accordingly.
- Under Rule Type, select Whitelist these entries, deny all others if you want to allow access or select Blacklist these entries, allow all others if you want to prohibit access for the IPs in the list.
- Configure a whitelist or blacklist as follows:
- To add a single IP address, click Add entry and then enter an IP in CIDR format.
- To add multiple IPs, copy the IP list into the Bulk entry of restrictions box, ensuring each CIDR notation entry is on a new line in a plain text file.
- To remove a single entry, click Remove next to the IP you want to remove.
- To clear the list, click Remove all entries.
-
If you do not need restrictions for accessing the Admin Console, clear the Enable these IP restrictions check box.
-
Click Save.
-
To add a single rule to an enabled list:
- Under Add or Replace IP Restrictions, select Add Single IP Restriction.
- Select / to apply the rule to the whole community or select /admin to apply the rule to the Admin Console.
- Select whether you want to add the rule to the Whitelist or Blacklist.
- Enter the IP address in CIDR format.
- Click Add.
- Click Upload. The rule is added to the list.
-
To add multiple rules in bulk to an enabled list:
- Under Add or Replace IP Restrictions, select Add Multiple IP Restrictions By File.
- Select / to apply the rule to the whole community or select /admin to apply the rule to the Admin Console.
- Select whether you want to add the rule to the Whitelist or Blacklist.
- Click Browse to find your file.
- Click Upload.
-
To update multiple rules in bulk:
- Under Add or Replace IP Restrictions, select Replace All IP Restrictions By File.
- Select / to apply the rule to the whole community or select /admin to apply the rule to the Admin Console.
- Select whether you want to add the rule to the Whitelist or Blacklist.
- Click Browse to find your file.
- Click Upload.
-
Click Save.