With Trusted IPs enabled, only visitors from an allowed IP address can access your deployment. The deployment URL will return 404 No Deployment Found for all other requests. Trusted IPs is configured by specifying a list of IPv4 addresses and IPv4 CIDR ranges.
Trusted IPs is suitable for customers who access Vercel deployments through a specific IP address. For example, limiting preview deployment access to your VPN. Trusted IPs can also be enabled in production, for example, to restrict incoming access to only requests through your external proxy.
The table below outlines key considerations and security implications when using Trusted IPs for your deployments on Vercel.
Consideration | Description |
|---|---|
General Considerations | |
Environment Configuration | Can be enabled for different environments. See Understanding Deployment Protection by environment |
Compatibility | Operates as a required layer on top of Vercel Authentication and Password Protection. For optional layering, see Standalone Trusted IPs |
Bypass Methods | Can be bypassed using Shareable Links and Protection Bypass for Automation |
IP Address Support | Supports IPv4 addresses and IPv4 CIDR ranges |
Prerequisites | |
Preview Environment Requirements | Can only be enabled in preview when Vercel Authentication is also enabled. For independent use, see Standalone Trusted IPs |
External Proxy Configuration | Requires rulesets configuration to avoid blocking proxy IPs. Contact our sales team for more information |
Security Considerations | |
Firewall Precedence | Vercel Firewall takes precedence over Trusted IPs |
IP Blocking | IPs listed in IP Blocking will be blocked even if listed in Trusted IPs |
DDoS Mitigation | Trusted IPs do not bypass DDoS Mitigation unless configured |
Deployment Impact | Changing the Trusted IPs list affects all deployments |
Disabling Trusted IPs | Disabling makes all existing deployments accessible from any IP |
Standalone Trusted IPs is an optional add-on to your Enterprise plan, contact our sales Team to learn more. Standalone Trusted IPs allows for the following:
- Allows Trusted IPs to be configured to be optional, so it behaves as a bypass to Vercel Authentication & Password Protection
- Allows Trusted IPs to be enabled in preview environments independently of Vercel Authentication
- It is however recommended to have Trusted IPs as an additional security measure on-top of Vercel Authentication, as relying solely on request IP matching for security is vulnerable to IP spoofing
- Additionally, Vercel Authentication enhances Vercel collaboration features like Comments. See who can access a deployment protected with Vercel Authentication
From your Vercel dashboard:
- Select the project that you wish to enable Trusted IPs for
- Go to Settings then Deployment Protection
Ensure Vercel Authentication is enabled. See Managing Vercel Authentication.
From the Trusted IPs section:
- Use the toggle to enable the feature
- Select the deployment environment you want to protect
- Enter your list of IPv4 addresses and IPv4 CIDR ranges with an optional note describing the address
- Finally, select Save
All your existing and future deployments will be protected with Trusted IPs for that project. Visitors to your project deployments from IP addresses not included in your list will see a No Deployment Found error page.
Was this helpful?