Skip to content

Update to the access restriction profile - Release Oct 5 #10203

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: development
Choose a base branch
from
Open

Update to the access restriction profile - Release Oct 5 #10203

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f8f9b6e
feat: updating doc per release update
OlufunkeMoronfolu Oct 8, 2025
0743da8
chore: punctuation updates
OlufunkeMoronfolu Oct 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 33 additions & 8 deletions content/en/docs/deployment/mendix-cloud-deploy/access-restrictions.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ When configuring an access restriction profile, keep the following consideration

* Access restriction profiles are configured at the application level. They can be reused in all the environments (for example test, acceptance, production) of an app.
* Access restriction profiles can contain any number of IPv4 address ranges, client CAs, or both.
* If an access restriction profile contains both IP address ranges and client CAs, then any match on either the IP range or the client certificate will grant access.
* If an access restriction profile contains both IP address ranges and client CAs, then any match on either the IP range or the client certificate will grant or deny access.

### Configuring Access Restriction Profiles {#access-restriction}

Expand All @@ -54,7 +54,7 @@ To rename an access restriction profile. follow these steps:
1. Locate the profile of interest from the **Access Restriction Profiles** page.
2. Click the **More Options** ({{% icon name="three-dots-menu-horizontal" %}}) icon.
3. Click **Edit**.
4. In the edit page enter the new name.
4. In the edit page enter the new **Profile Name**.
5. Click **Save** to apply your changes.

#### Specifying TLS Client Certificate Verification
Expand All @@ -81,14 +81,39 @@ Click **Save** to save the current certificate profile.
Your CA for TLS client certificate verification should be different from the CA used to sign the SSL certificate configured for any custom domain of the app. Using the same CA for both can result in browsers requesting client certificates on all paths of your application.
{{% /alert %}}

#### Specifying IP Ranges {#ip-ranges}
#### Configuring Allowed IP Ranges {#ip-ranges}

You can specify a number of different IP ranges. Click **Create New Profile** to add a new IP range, or use **Edit** or **Delete** to modify an existing IP range.
You can define IP profiles to specify which IP addresses or ranges are explicitly allowed to access your application.

For each IP range, you can do the following:
To manage these profiles:

* Enter a **Profile Name**
* Specify a range of addresses. Mendix Cloud supports both IPv4 and IPv6 format addresses.
* In the **IP Filtering Profiles** section, click **Create New Profile** to add a new IP range
* To modify an existing profile, select it and click **Edit**({{% icon name="pencil" %}})
* To delete a profile, select it and click **Delete**({{% icon name="trash-can" %}})

For each profile, specify the following details:

* **Profile Name**: Enter a descriptive name for the IP range
* **IPv4/IPv6 range**: Enter the specific IP address range. Mendix Cloud supports both IPv4 and IPv6 formats

Requests originating from an IP address within these allowed profiles will be granted access to your application.

#### Configuring Denied IP Ranges {#denied-ip-ranges}

You can define IP profiles to specify which IP addresses or ranges are explicitly denied access to your application.

To manage these profiles:

* In the **Denied IP Profiles** section, click **Create New Profile** to add a new IP range
* To modify an existing profile, select it and click **Edit**({{% icon name="pencil" %}})
* To delete a profile, select it and click **Delete**({{% icon name="trash-can" %}})

For each profile, specify the following details:

* **Profile Name**: Enter a descriptive name for the IP range
* **IPv4/IPv6 range**: Enter the specific IP address range. Mendix Cloud supports both IPv4 and IPv6 formats

Requests originating from an IP address within these denied profiles will be blocked from accessing your application.

## Applying a Restriction to an Application Environment

Expand Down Expand Up @@ -130,7 +155,7 @@ To restrict access to the app to an IP range, follow these steps:
3. Switch to the **Access Restriction Profiles** tab.

4. Create an access restriction profile.
5. Add one or more IP ranges to the access restriction profile.
5. Add one or more IP ranges to the **Denied IP Profiles**.

6. Save the access restriction profile.
7. Go to the **Deploy** tab of the **Environments** page. Click **Details** ({{% icon name="notes-paper-edit" %}}) on the desired environment.
Expand Down