Quick Tips - Cloudpage IP Allowlists


Did you know that it’s possible to create an IP Allowlist for a Cloud Page? With a little bit of SSJS (and in this example a bit of AMPscript) you can add a little layer of security to your Cloud Pages. So, whether it's because it's a work in progress or they are for internal use only - it's a nifty little trick to keep up your sleeve!

NB: We do not recommend that you use this method in place of best security practices. Do not expose any functionality that in any way creates a security vulnerability or confidential information of any kind using this technique. Use of this technique is under the explicit understanding that an IP Allowlist is not a fully secure method to store or share information.

An IP Allowlisting process is made up of 2 components:

  1. A list of IP Addresses you want to give access to in a Data Extension
  2. A script on a Cloudpage to check if the IP Address someone is using to access your Cloudpage

Step 1:

Create your Data Extension, with a 32 character text field (This gives you enough characters for IPv6 Allowlisting). In this instance, the script is looking at a Data Extension called IPAllowlist with the field allowableIP.

Step 2:

Add your IP address(es) to the Allowlist DE created above. If you don’t know your IP address, there’s plenty of websites that will advise you on what your IP address is. Even Google will return an IP address if you just search “What is my IP”. Would recommend including IPv4 and IPv6 just in case.

Step 3:

Open up your cloud page and add the below script to the top of your cloud page, either in a HTML Block or after the if you’re building your page in pure code.

<script type="javascript" runat="server">
Platform.Load("core","1");
var ip = Platform.Request.ClientIP();
Variable.SetValue("ip",ip);
</script>
%%[
set @ipranges = LookupRows('IPAllowlist', 'allowableIP',@ip)
set @rowCount = rowcount(@ipranges)
if @rowCount > 0 then
]%%

This could all be done in SSJS, but it’s a short and sweet example of using Variable.SetValue to pass an attribute between SSJS and AMPscript if you ever need to do that!

Step 4:

Put your content in the body of your Cloudpage

Step 5:

Add this piece of AMPscript to the bottom of the page:

%%[ Else ]%%
<div>
Access Denied
</div>
%%[ ENDIF ]%%

Step 6:

Publish your Cloud Page & test it out. Try connecting on your phone or just removing your IP address from the Allowlist Data Extension to prove that you get the Access Denied message pop up.

Job done.

You’ve implemented an Allowlist on your Cloudpage.

All Rights Reserved
Made with by your fellow SFMC users.
All Rights Reserved
Made with by your fellow SFMC users.