When to Whitelist IPs
Whitelist IPs for:
- Business partners who need access
- Suppliers checking inventory
- Verified customers blocked by rules
- Your own office/testing IPs
- Third-party service providers
Step 1: Collect IPs to Whitelist
Find an IP Address
Ask the person/organization for their IP, or:
- They can visit whatismyip.com
- Check your server logs for their access attempts
Note IP Type
- Static IP - Doesn’t change, ideal for whitelisting
- Dynamic IP - Changes periodically, less reliable
Step 2: Access Whitelist Settings
- Open SecurEcommerce
- Navigate to Blocking > IP Whitelist
- View current whitelist
Step 3: Add IP Addresses
Single IP
- Click “Add IP”
- Enter the IP address (e.g., 192.168.1.100)
- Add a note explaining who/why
- Save
IP Range (CIDR)
For multiple IPs in a range:
- Click “Add IP”
- Enter CIDR notation (e.g., 192.168.1.0/24)
- Add explanatory note
- Save
Step 4: Verify and Test
After whitelisting:
- Ask the whitelisted party to test access
- Verify they can reach your store
- Confirm blocking still works for others
Best Practices
Document Everything
For each whitelist entry, note:
- Who it’s for
- Why they need access
- When it was added
- Review date
Review Regularly
- Quarterly review of whitelist
- Remove outdated entries
- Verify still needed
Minimize Whitelisting
- Only whitelist when necessary
- Prefer narrow rules
- Don’t whitelist “just in case”
Common Whitelist Scenarios
Business Partner
Partner needs to check your catalog or inventory.
Blocked Customer
Legitimate customer caught by VPN or geographic block.
Development Agency
Your web developers need access during work.
Third-Party Service
Integration or service needs to access your store.
Cautions
Dynamic IPs
If the IP changes, whitelist becomes ineffective.
Shared IPs
Corporate networks may share IPs with others - whitelisting one person may allow others.
Security Balance
Every whitelist is an exception to your security rules. Use judiciously.