Manage IP Address Allow List
The IP address allow list is a security feature that controls and restricts access to the Digital.ai Platform based on specified IP addresses. When an IP allow list is configured, only the approved IP addresses or IP ranges can access the Platform, while all other connections are blocked.
By adding an external party's IP address to the allow list, administrators ensure that these users can connect to the Platform without compromising security.
This feature supports both IPv4 and IPv6 address formats. Entries must be provided in CIDR notation.
Enable the IP Allow List
IP restrictions are not applied until the changes are saved.
- Log in to the Platform.
- From the left-hand navigation panel, go to Settings → Access and Visibility.
- In the IP Allow List section, click the Enable IP allow list checkbox.
- Click Add IP address range and enter the desired individual IP addresses or IP ranges.
- Repeat the previous step to add more IP addresses or ranges.
- Once you are satisfied with your changes, click Save at the bottom of the page.
- To undo changes before saving, click Discard or navigate away from the page.
Edit or Delete an IP Allow List Entry
- To Edit an entry, click the existing IP address or range and update it with the new value.
- To Delete an entry click the Trash icon next to the corresponding IP address or range.
- Once you are satisfied with your changes, click Save at the bottom of the page.
Disable the IP Allow List
- To disable the IP Allow List entirely, clear the Enable IP allow list checkbox.
- Click Save to apply the change.
Troubleshoot IP Address Issues
When you access the API from an unauthorized IP address, your requests are blocked and the response includes the X-K6i-Waf-Blocked header to indicate the reason.
IP Address Not Allowed (403 Error)
When an IP address is not on the allow list, you receive an HTTP 403 status with the following headers:
HTTP/1.1 403 Forbidden
X-K6i-Waf-Blocked: ip-allowlist
X-K6i-Waf-Rule: host:true path:true jwt:false token:true
The X-K6i-Waf-Rule header shows which security checks passed (true) or failed (false):
| Component | Description |
|---|---|
host:true | The hostname is allowed |
path:true | The URL path is allowed |
jwt:false | Your token or IP is not allowed |
token:true | Your API token is valid |
All components must be true for your request to succeed. If any component is false, your request is blocked.
It Worked Yesterday, Now I Am Blocked
Your IP address probably changed. This happens when:
- Your router or modem restarts
- Your ISP assigns you a new dynamic IP address
- You connect from a different network
Sometimes It Works, Sometimes It Does Not
You may have multiple outbound IP addresses (common with load balancers or VPNs). Some IP addresses are on the allowlist while others are not.
Contact Support
If you are still having issues after adding or removing IP addresses to the IP allow list, contact Customer Support.
To find your current IP address, use:
curl https://api.ipify.org
Be sure to include the following information in your support request:
- The
X-K6i-Waf-Ruleheader value - Your current IP address:
curl https://api.ipify.org - Whether you recently changed networks or locations
- Request details:
- Endpoint URL
- Timestamp of when the error occurred