IP restrictions limit the use of features to a subset of IP addresses on the network. Typical use cases for configuring IP restrictions is to limit access to the local network, exclude devices known not to support a feature, or restrict which IP addresses should be allowed to communicate with your Atlassian application.
The restriction modes are used to specify how to restrict access based on the unblocked list and blocked list. The possible modes are No restriction, Allow, and Deny.
No restriction DEFAULT
No restriction based on IP addresses.
Only IP addresses specified in the unblocked list are enabled. If an address matches both lists, the blocked list takes precedence. As such, you can specify IP ranges in the unblocked list and override specific IP addresses with the blocked list.
All IP addresses are enabled except those specified in the blocked list. If an address matches both lists, the unblocked list takes precedence. As such, you can specify IP ranges in the blocked list and override specific IP addresses with the unblocked list.
IP address matching syntax
When adding IP addresses to the unblocked and blocked list, you can use a combination of full Ip addresses, IP address prefixes, and regular expressions.
Full IP addresses
Use the full IP address to target a specific device.
IP address prefix
Use IP address prefix to target a range of IP addresses. This syntax targets all IP addresses starting with the given prefix. The prefix must end with a dot / punctiation mark: '.'.
Use CIDR address prefix to target a range of IP addresses.
If you need even more control when targeting IP addresses, you can create your own matching rules using regular expressions.
NOTE: For Kantega Single Sign-on to evaluate IP restrictions correctly when behind a reverse proxy, the IP address must be communicated to the Atlassian application. See the yellow notification box in the below screenshot, which tells you the IP currently “seen” by the application.