Friday, October 15, 2010

New Security Feature: Restrict account access by IP address

You can now restrict access to your JangoMail email account by IP address. You can specify a range of allowable IP addresses or a single IP address.

To restrict access by IP address, go to Settings --> Security --> IP Addresses. Simply enter in a single IP address or a range of IP addresses and designate whether the restriction should apply to the web interface, the API, or both.

In the above screenshot, the IP address range can access the web interface for this account, while the single IP is the only IP address that can access the API for this account.

If there are no IPs entered, as is the default on accounts, then there are NO restrictions on which IP addresses can access your account. As soon as you enter at least one IP range, then that becomes the range from which your account must be accessed.

If a user attempts to login to the web interface from an unauthorized IP address, then the user will see the following message:

If the API is called by a node outside of the authorized IP addresses, then an exception will be thrown, as shown below: