Restrict some users to connect only from specific IP addresses

Sometimes it's desirable to allow some users, to connect only from specific IP addresses, while allowing all other users to connect from any IP address. This guide will show you how to do this.

  1. From the side-bar menu, select the 'Settings' panel (if you're using Professional Edition)
    OR select the 'Sites' panel (if you're using Enterprise MFT)
  2. Select the 'IP filtering' property in the 'IP filtering and Auto-banning' category. Then click the ellipsis (...) button.
  3. In the 'IP Filtering' dialog, set the precedence to 'Allow over deny' option.
  4. Then delete the default rule.

    Why? If no rule applies to an incoming connection, then the first part of the precedence is used (i.e. 'Deny' for 'Deny over allow' and 'Allow' for 'Allow over deny'). Therefore, in this example, unless the user-specific rules that will be defined below apply, then an incoming connection will be allowed (Remember, in this example we are using the 'Allow over Deny' precedence).

  5. Click the 'Yes' button when the confirmation dialog appears.
  6. Check the 'show user-specific rules' checkbox.
  7. Now, add a new rule to deny access of the 'JoeSmith' user from all IP addresses.
    1. Click the empty cell under the 'Action' column then select the 'Deny' action.
    2. After the action is selected, the rule is automatically set for all IP addresses. Let it be!
    3. Select the 'JoeSmith' user from the list.
    4. Now, the rule that prevents the 'JoeSmith' user from connecting to the server from all IP addresses will look like this:
  8. Add another rule to allow the 'JoeSmith' user to be able to access from specified IP addresses.
    1. Add an 'Allow (unless autobanned)' rule.
    2. Enter the IP address from which the 'JoeSmith' user is allowed to connect, e.g. 172.16.0.88.
    3. Then Select the 'JoeSmith' user from the list, which is the one who this rule will apply to.
    4. Now, the rule that allows the 'JoeSmith' user to access from the specified IP address will look like this:
  9. Close the 'IP Filtering' dialog, then click the 'Apply changes' button.