+ Start a Discussion
kerryland6kerryland6 

IP Range restrictions not working?

Hi Folks,

 

 

I have a public 'site' that works fine until I turn on IP Range restrictions. This problem only exists in production. Our 'sandbox' instances work fine with IP Range restrictions enabled.
Here is a step-by-step explanation of how I can reproduce the problem:
1. Visit our public website, with no IP-Range security turned on:
2. See that we get XML returned correctly (this works best in Firefox, btw -- in Chrome you will see a blank page, and have to 'view source')
3. Restrict access to our site by performing the following steps:
Setup | Develop | Sites 
Click 'Site Label'
Click "Public Access Settings"
Click "Login IP Ranges"
Click "New"
Enter IP range xxx.xx.xx.xxx to xxx.xx.xx.xxx (which is our public ip address, as verified by whatismyip.com)
4. Wait for a few moments -- the change seems to take a little while to take effect
5. Visit our public website, now with IP-Range security turned on:
6. Instead of the same XML I saw in step 2 I instead see:
      Authorization Required
      We're sorry, you've attempted to access something you're not authorised to view.
If I perform exactly these steps in our Sandbox it works fine -- step 6 displays the expected XML.
Note also that no errors are reported in the debug logs when I perform step 5.
Am I missing something? I've really got no idea where to look next. Salesforce support suggested that I "remove the settings first from the Sandbox since it might be conflicting with the Production environment", so I'm hoping 
for a more useful response here :-)

 

Thanks

Kerry

kerryland6kerryland6

Ok -- I've figured it out.

 

In production, but not in Sandbox, when you enable IP range restrictions you must also use the https protocol, and the https URL.

 

ie:

 

http://my-site.force.com            IP range restrictions not in place, or in Sandbox

https://my-site.secure.force.com    IP range restrictions in place

 

Why Salesforce have linked an IP range restriction with enforced use of https is a mystery, as is why it only applies to production instances, but hey, at least I have it working now.

 

Thanks for listening!

 

Kerry

Ryan-GuestRyan-Guest

You're correct about IP restrictions, glad you figured it out so quickly. 

 

The reason we don't support IP restrictions with HTTP is that with HTTP traffic we cache content aggresivley using a 3rd party CDN and an internal cache network. In order to offer the increased performance we don't allow IP restrictions.