Restrict IPs
Overview
The Restrict IPs Traffic Policy action allows you to allow or deny traffic based on the source IP address of connections to your ngrok endpoints.
You can define rules using either Allow and Deny lists, or Reference IDs to existing ngrok IP Policies.
Configuration Reference
The Traffic Policy configuration reference for this action.
Supported Phases
on_http_request
, on_http_response
, on_tcp_connect
Type
restrict-ips
Configuration Fields
enforcebooleanRequired
Default true. If false, continue to the next action even if the IP is not permitted.
allowarray of strings
A list of CIDRs that are allowed.
denyarray of strings
A list of CIDRs that are denied.
ip_policiesarray of refs
List of IP Policy identifiers to be checked if the source IP is allowed access.
Behavior
Evaluation of Rules
This action evaluates the configured rules against the layer 4 source IP
(conn.client_ip
) of a connection.
HTTP headers like X-Forwarded-For
are never used.
Allow and Deny Conditions
A connection is allowed only if its source IP matches at least one of the allowed CIDRs and does not match any of the denied CIDRs.