You can control access to secure areas of your website easily via IP whitelisting.
CWP provides the ability to lock down access to sensitive areas of your website via IP whitelisting. The standard protections on non-production environments are not comprehensive (e.g. don't cover published assets), so we strongly recommend an IP whitelist.
There are three different types of whitelisting that is possible, each outlined below. Note that these IP whitelists apply only to your stack. They do not apply to any CWP shared infrastructure (for example, the Service Desk, Deployment dashboard, or Gitlab code repository). IP whitelists you request only apply to the stack that you manage. In addition to this, the IP whitelist is applied across the entire stack (for example, if you are using subsites, the IP whitelist will apply to all subsites).
By default, your stack is not configured with any IP whitelists to lock down access. It is the responsibility of the agency to request these (if you want them), and this can be done free of charge via the CWP Service Desk. Once IP whitelists are configured, the agency is responsible for making sure these are kept up to date as network boundaries change (for example, when internet service providers are changed or when offices move location).
The three different types of IP whitelist available for your stack differ only in where protection is applied—the method of locking users out is identical in all cases.
To request that any of these IP whitelists be set up for your stack, or for more information, please raise a Service Desk request.
Applies to every URL that starts with /admin. This means that all content editing and other backend CMS access can only be done from the IP addresses you define. This can (and often should) be combined with the Security whitelist below.
Applies to every URL that starts with /Security. This means that everyone who needs to login or logout of the website must come from the IP addresses you define. This is recommended when you only require a small number of people to login to the website (for example, only agency staff working from an office). If you allow the general public to login to your website, this whitelist is not appropriate.
Applies to the entire stack. No access is possible to the stack except from the IP addresses you define. This is the recommended option for intranets and other internal-only stacks hosted on CWP, if the stack should only be viewed from within a limited network boundary.
To request that any of these IP whitelists be setup for your stack, or for more information, please raise a Service Desk request.