DigitalOcean is an IaaS (infrastructure as a service) platform that has become quite popular, particularly among open source developers. As an IaaS provider, the service allows users to outsource hardware resources like servers, storage and networking devices, for enhanced efficiency and cost effectiveness.
Even with the benefits of cloud computing, web and software development can get pretty complicated. Networking in particular can cause a lot of confusion, but luckily DigitalOcean offers solutions that make it easy to control both inbound and outbound traffic. This is a very valuable feature, especially when you want to allow access to trusted users only.
The purpose of this article is to explain how this can be done through a process known as IP whitelisting. DigitalOcean makes it easy to whitelist specific IP addresses so you can control access to your content or web-based assets.
A common use case for whitelisting an IP address is when you’re developing a website and you want to see how it looks and performs in a live environment, but aren’t yet ready to publish it for the world to see. IP whitelisting allows you to essentially stage the website in a way that is live but only accessible through designated network channels.
What is an IP?
An IP address is basically the unique identifier of networked machines that communicate via internet protocol. The most common form of IP address is IPv4 (version 4), which looks like a group of 4 decimal numbers, separated by periods, each of which represents a value that is based on binary code. The newer IPv6 model is a similar concept but is instead made up of 8 hexadecimal values separated by colons. Both IP formats are simply intended to allow machines to communicate with one another through numbers.
What is Whitelisting?
To whitelist an IP address is basically to instruct a networked device to allow traffic from another (whitelisted) device. An IP whitelist is essentially a list of addresses that are allowed to communicate over a given network.
The opposite of whitelisting is blacklisting. A blacklist, in the context of information technology, is a list of sources that aren’t allowed transmission, perhaps due to being untrusted or risky.
Whitelisting is a great way to ensure privacy and security of sensitive data. Its main advantage over blacklisting is that it is much more restrictive (since it restricts everything not included on its list by default).
Knowing how to whitelist is essential when dealing with things like firewall or other tools that restrict access, because without whitelisting you won’t be able to allow access to the devices that actually need it.
DigitalOcean makes the process especially easy with their highly intuitive user interface. The main dashboard is especially user-friendly and simple to navigate, but here we will explain how to whitelist an IP on DigitalOcean so new users don’t face any issues.
DigitalOcean allows developers to deploy what they call “droplets,” which are virtual machines that operate using Linux. As a user, you can custom select your own storage and RAM parameters according to your specific needs and budget, as well as which Linux operating system you want to use. It supports a number of network protocols, including SSH (Secure Shell). You can even use premade VM images, which they call “One-click Apps.”
How to Whitelist (Step by Step)
Step 1: On the main dashboard, click the Networking tab.
Step 2: Then, click the Firewalls tab.
Step 3: Type a custom name into the Name field.
Step 4: Below the Name field you’ll see your Inbound and Outbound Rules. This is where you set your whitelist settings. By default, the Sources allowed under Inbound Rules includes all IPv4 and IPv6 addresses, which basically means that access is totally open. Delete those sources so that access is blocked.
Step 5: At the bottom of the screen, you’ll see an Apply to Droplets field. Type in the name of your droplet or droplets (a dropdown should appear as soon as you start populating the field, from which you can choose your droplet name). This applies your access settings to your droplet or droplets of choice.
Step 6: Click the Create Firewall button under the Apply to Droplets field to complete the task.
Step 7: Now you will see your firewall on the screen with no sources. This is the part where you add the whitelisted sources. Click the More dropdown on the right, then click Edit Rule.
Step 8: The source field should now be active. Populate that field with the IP address that you wish to whitelist, then click Save.
You can add as many sources as needed to your list, and you can customize each rule you create for different types of traffic (SSH, HTTP, HTTPS, etc.). You can also create Outbound rules, which will restrict access to external resources that are designated in similar fashion.