PhoenixDB
Docs/Security/IP Allowlist

IP Allowlist

Control which IP addresses can connect to your databases.

Network-Level Security

IP allowlisting adds an extra layer of security by only accepting connections from trusted IP addresses. Even with valid credentials, connections from non-allowed IPs will be rejected.

Default Behavior

All IPs Allowed

By default, PhoenixDB accepts connections from any IP address. This makes it easy to get started, but we recommend enabling IP restrictions for production databases.

How to Enable IP Allowlist

1

Go to Database Settings

In your dashboard, click on the database you want to secure, then open the settings or security tab.

2

Disable "Allow All IPs"

Toggle off the "Allow All IPs" switch to enable IP filtering.

3

Add Trusted IPs

Add the IP addresses that should be allowed to connect.

Add IP Address
203.0.113.50Office
198.51.100.0/24Production servers

Supported IP Formats

FormatExampleMatches
Single IPv4203.0.113.50Exactly 203.0.113.50
IPv4 CIDR198.51.100.0/24198.51.100.0 - 198.51.100.255
Single IPv62001:db8::1Exactly 2001:db8::1
IPv6 CIDR2001:db8::/32Entire /32 subnet

Common Use Cases

Office Network

Add your office's public IP address to allow developers to connect from the office.

Application Servers

Add your cloud provider's IP range (AWS, Vercel, Render, etc.) for production apps.

CI/CD Pipeline

Add GitHub Actions, GitLab CI, or other CI provider IP ranges for automated tests.

Remote Work

Add home IP addresses for remote developers (note: dynamic IPs may change).

Best Practices

Use CIDR for server ranges

Cloud providers often assign IPs from a range. Use CIDR notation to allow the entire range.

Add descriptive labels

Label each IP entry (e.g., "Office", "Prod Server") to track what each IP is for.

Review regularly

Periodically review and remove IPs that are no longer needed.

Test before enforcing

Make sure your app can connect before enabling restrictions in production.

Don't Lock Yourself Out

Always add your current IP address before enabling restrictions. If you do get locked out, you can still access the dashboard (which is always available) to update your allowlist.

Find Your IP Address

# Command line

curl ifconfig.me

# Or visit

https://whatismyip.com

Next Steps

SSL Encryption →

Learn about connection encryption

Plans & Pricing →

View available plans