IP Address Restriction

IP Address Restriction

IP Address Restriction is a whitelist-based access control that allows login only from pre-registered trusted IP addresses.

Why Use IP Address Restriction

In addition to login URL changes and password protection, limiting which networks can access the login page in the first place eliminates the possibility of attacks at the source.

This is particularly effective in the following scenarios:

• Office environments with static IPs: Access the admin dashboard only from the corporate network
• VPN-based access: Allow only VPN server IPs
• Limited number of administrators: Allow only specific individuals' IPs

Note: If you use a dynamic IP (residential internet), your access may be interrupted each time your IP changes. For dynamic IP environments, reCAPTCHA or OTP authentication is recommended over IP restriction.

Configuration

1. Navigate to SentinelSecurity → Login Security → IP Restriction
2. Toggle the switch to Enabled
3. Enter trusted IP addresses in the Allow List, one per line
4. Click Save

Input Formats

The following formats are supported:

CIDR Notation Examples

Behavior Behind Proxies and CDNs

When using a CDN like Cloudflare or a reverse proxy, the client's real IP address is stored in specific headers. SentinelSecurity retrieves the client IP in the following priority order:

1. HTTP_CF_CONNECTING_IP (Cloudflare)
2. X-Forwarded-For
3. X-Real-IP
4. REMOTE_ADDR

How to Check Your IP Address

You can check your current IP address using any of the following methods:

• Search "my ip address" on Google
• Run curl ifconfig.me in the terminal
• Check the "Your IP" info displayed on the SentinelSecurity dashboard

Notes

• IP restriction applies only to login page access. Public-facing pages are not affected
• Do not enable this feature with an empty Allow List — all users will be locked out
• Keep FTP access available as a fallback in case your IP address changes