IP Address Restrictions

IP Address Restrictions is a feature to restrict access using source IP addresses.
For example, you can allow access to cybozu.com to just IP addresses of your offices, and deny accesses from external sources.
By limiting access locations and blocking accesses from external sources, you can effectively prevent unauthorized accesses from external third parties.

Image of IP address restrictions

Users Who Can Configure IP Address Restrictions

  • cybozu.com Store Administrator
  • Users & System Administrators who have permission to configure access control

For details, refer to "Types of Administrators".

Procedure

To configure IP Address Restrictions, specify the "global IP address" of the network from which you want to allow the access.
For the global IP address of your network, contact your network administrator or Internet service provider. You can specify multiple global IP addresses.
Described below is the procedure to configure IP Address Restrictions.

When cybozu.com Store Administrators Configure This Feature

  1. Access cybozu.com Store.

  2. Log in by entering the e-mail address and password of a cybozu.com Store Administrator. Login screen If you forgot your login information, refer to "Cannot Log In to cybozu.com Store".

  3. Click "Domains".

  4. Click "Security & Authentication".
    Select the domain you want from the drop-down list, if multiple domains are owned. Domain administration screen

  5. Click Change in the "IP Address Restrictions" section.
    Domain administration screen

  6. Select your desired option from "Deny all" and "Allow specific IP addresses".
    Options can be added or edited later. Domain administration screen

    • If you select "Allow specific IP addresses":
      • IP Address:
        Specify global IP addresses of the network from which you want to allow the access. You can specify up to 2,900 IP addresses.
        Only IPv4 addresses can be specified. IPv6 addresses cannot be specified.
      • CIDR:
        CIDR must be filled in only when you want to specify a range of IP addresses.
    • If you specify a large number of IP addresses:
      You can use a CSV file to batch import the IP addresses.
      For details, refer to "CSV File Format for Importing IP Addresses".
  7. Check the information you entered and then click Save.
    Once the configuration completes, an e-mail is sent to the e-mail address of cybozu.com Store Administrator.

When Users & System Administrators Configure This Feature

  1. Access the "Users & System Administration" screen.

  2. Under "Security", click Access Control. Image of the Access Control option

  3. Click "Configure Now" or "Go to the cybozu.com Store".
    The appearance of this link varies depending on the settings of cybozu.com Store.
    Example of link Example of link

  4. For the subsequent procedures, refer to "When cybozu.com Store Administrators Configure This Feature".

CSV File Format for Importing IP Addresses

You can import a CSV file to register IP addresses. Include the field names on the first row and the values on the second and subsequent rows.

Example:
IP Address CIDR About Me
61.202.247.1   Tokyo office
61.202.247.2   Osaka office
61.202.247.5   Sapporo office
24.4.25.121   San Francisco office

You can download a sample CSV file from example.csv.

Settings Needed for Enabling Access While on a Business Trip or Working Remotely

Confirm the types of networks users are using while they are on business trips or working remotely.
Described below are typical use cases.
Note that accesses are made from addresses other than the allowed IP addresses in the following examples.

  • Using a public wireless LAN or a hotel's guest LAN during the business trip
  • Using a home network when working remotely
  • Using a mobile network (such as 4G) outside the office

If users access in the above-mentioned situations, configure the Basic Authentication or Client Certificate Authentication in addition to IP Address Restrictions. For details, refer to the following page:

Combining "IP Address Restrictions" with "Basic Authentication"

By combining IP Address Restrictions with Basic Authentication, you can change the target of access control.
Following combination patterns are recommended.

  • Pattern 4
  • Pattern 5
  • Pattern 6
Combining IP Address Restrictions with Basic Authentication
IP Address Restrictions Basic Authentication Result
Pattern 1 Allow all Not configured Accesses from all IP addresses are allowed.
Security level gets impaired.
Pattern 2 Allow all Configured You cannot combine these two options.
Basic Authentication can be configured only when IP Address Restrictions is configured.
Pattern 3 Deny all Not configured All accesses are denied.
Pattern 4 Deny all Configured The authentication dialog is displayed.
Only users who know credentials can access.
Pattern 5 Allow specific IP addresses Not configured For example, if you allow 192.0.2.0, only the network with this IP address can access.
Pattern 6 Allow specific IP addresses Configured
  • If you allow 192.0.2.0:
    Only the network with this IP address can access.
  • If access is tried from other IP addresses:
    The authentication dialog is displayed.
    Only users who know credentials can access.

Enhancing Security

By improving the password strength, you can enhance the security of your services.
You should do this if accesses are made from networks other than allowed networks.
For details, refer to "Specifying Password Complexity and Password Expiration".