Silverstripe Cloud lets you lock down access to sensitive areas of your website via IP whitelisting. The standard protections on non-production environments are not comprehensive (for example, they don't cover published assets), so we strongly recommend an IP whitelist.
There are three different types of whitelisting available, each outlined below. Note that these IP whitelists apply only to the stack that you manage. They do not apply to any shared infrastructure (for example, the Service Desk, Deployment dashboard, or GitLab code repository). In addition, an IP whitelist is applied across the entire stack (for example, if you are using subsites, the IP whitelist will apply to all subsites).
By default, your stack is not configured with any IP whitelists to lock down access. It is the responsibility of the agency to request these (if you want them), and this can be done free of charge via the Service Desk. Once IP whitelists are configured, the agency is responsible for making sure these are kept up to date as network boundaries change (for example, when internet service providers are changed or when offices move location).
The three different types of IP whitelist available for your stack differ only in where protection is applied—the method of locking users out is identical in all cases. To request that any of these IP whitelists be set up for your stack, or for more information, please raise a Service Desk request.
Admin whitelist
Applies to every URL that starts with /admin. This means that all content editing and other CMS access can only be done from the IP addresses you define. This can (and often should) be combined with the Security whitelist below.
Security whitelist
Applies to every URL that starts with /Security. This means that everyone who needs to log in or log out of the website must come from the IP addresses you define. This is recommended when you only require a small number of people to log in to the website (for example, only agency staff working from an office). If you allow the general public to log in to your website, this whitelist is not appropriate.
General whitelist
Applies to the entire stack. No access is possible to the stack except from the IP addresses you define. This is the recommended option for intranets and other internal-only stacks hosted on Silverstripe Cloud if the stack should only be viewed from within a limited network boundary.
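The following is an added example, not Silverstripe Cloud's own code: a small model of the three whitelist scopes that an agency could use to check who would be locked out before raising the Service Desk request. The function names, the sample IP ranges (RFC 5737 documentation addresses) and the literal, case-sensitive prefix matching are assumptions made for illustration.

```python
import ipaddress

# Scope of each whitelist type, as described on this page.
PREFIXES = {"admin": "/admin", "security": "/Security", "general": "/"}

# Constructed sample request using RFC 5737 documentation ranges.
# An empty list means that whitelist type has not been requested.
WHITELISTS = {
    "admin": ["203.0.113.0/24"],
    "security": ["203.0.113.0/24", "198.51.100.17/32"],
    "general": [],
}

def applicable(path):
    """Names of the whitelist types whose scope covers this URL path."""
    return [name for name, prefix in PREFIXES.items() if path.startswith(prefix)]

def is_allowed(client_ip, path, whitelists):
    """True if client_ip passes every configured whitelist covering path."""
    ip = ipaddress.ip_address(client_ip)
    for name in applicable(path):
        ranges = whitelists.get(name, [])
        if not ranges:
            continue  # not configured: the default is no restriction
        if not any(ip in ipaddress.ip_network(r) for r in ranges):
            return False
    return True

def locked_out(needs, whitelists):
    """needs: (label, ip, path) tuples; returns the ones that would be denied."""
    return [(label, path) for label, ip, path in needs
            if not is_allowed(ip, path, whitelists)]

# Constructed access requirements to check before raising the request.
NEEDS = [
    ("office editor", "203.0.113.40", "/admin/pages"),
    ("remote editor", "198.51.100.17", "/Security/login"),
    ("remote editor", "198.51.100.17", "/admin/pages"),
    ("public visitor", "192.0.2.9", "/about-us"),
]

if __name__ == "__main__":
    for label, path in locked_out(NEEDS, WHITELISTS):
        print(f"{label} would be locked out of {path}")
```

With this sample data the remote editor can log in but cannot reach the CMS, which is the kind of mismatch to resolve when the Admin and Security whitelists are combined.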