Before you start
Things you need to know:
IP allow listing is only available to certain account types. Contact your Customer Success representative to discuss.
Domain allow listing
You can restrict the recording of events to a selected list of domains by adding them to the domain allow list.
By default this list is empty, in which case events can be received from any domain.
To enable the domain allow list:
Expand the User menu and go to Settings > Security and privacy > Domain allow list.
Enter the domains you want to allow events for in the Domain allow list field. To include multiple domains on the allow list, each domain must be specified on a separate line.
Sub-domains are considered to be separate domains, so if you want to block events from any site other than www.example.com, you need two entries:
example.com
www.example.com
Select SAVE.
When you set up the domain allow list, make sure to include any external domains you might use, for example, where checkout pages are hosted on a different domain to your main site.
IP allow listing
Before you start
If you want to enable IP allow listing, you must contact Support.
We provide an IP allow listing feature that enables you to specify a list of IP addresses or CIDR blocks that can access your administration site and API. If access attempts are made from IP addresses outside the allowed ranges, they are denied and recorded.
If no values are added to the IP allow list, there are no restrictions.
Supported formats (IPv4 only)
Single IP address
Range of IP addresses
Separated by-without spaces. Must be aligned on a network boundary and map to a valid prefix length.CIDR notation
Examples
Format | Example |
Single IP address | 10.0.2.7 |
IP range | 10.0.0.0-10.0.0.15 |
CIDR notation | 10.0.1.0/30 |