IP Allowlist
We are excited to introduce a new security feature for Gitea Enterprise: an IP Allowlist. With this new feature, admins can improve their instance security by restricting access to certain IP addresses.
Feature Overview
The IP Allowlist feature provides admins with the ability to specify IP addresses from which they want to allow access to their Gitea Enterprise instance. This means you can directly control the set of IP addresses that are authorized to access your Gitea Enterprise instance, helping to improve overall security and reduce the risk of unauthorized access.
Configuring IP Allowlist
To set up the IP Allowlist, follow these steps:
-
Open the configuration file (
app.ini) of your Gitea Enterprise instance. -
Find the
[server]section in the configuration file. -
Add the parameter
IP_ALLOWLISTunder this section and specify the IP addresses that you want to allow. Please note, only the specified IP addresses will be able to access your Gitea instance thereafter. (Use comma to separate multiple addresses. CIDR is supported.)For example, If you want to allow two IP addresses, 192.0.2.1 and 192.0.2.2, your
[server]section should look like this:[server]
IP_ALLOWLIST = 192.0.2.1, 192.0.2.2 -
Save and close the configuration file.
-
Restart your Gitea Enterprise instance for the changes to take effect.
-
If your IP in not in the allowlist, you will be blocked and see like below image when you try to access the Gitea Enterprise instance.
And if you are trying to clone a repository, you will be blocked too:
Remember, careful consideration is needed when configuring this feature to avoid denying access to legitimate users.
Conclusion
The IP Allowlist feature in Gitea Enterprise provides administrators with an additional layer of security. It is extremely helpful against threats by allowing access only from trusted and specified IP addresses. For questions or assistance on this new feature, feel free to engage our support. We are constantly committed to improving Gitea Enterprise to better serve your needs.