gitlab-org--gitlab-foss/doc/administration/monitoring/ip_allowlist.md

---
stage: Data Stores
group: Memory
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---

# IP whitelist **(FREE SELF)**

NOTE:
We intend to [rename IP whitelist as `IP allowlist`](https://gitlab.com/groups/gitlab-org/-/epics/3478).

GitLab provides some [monitoring endpoints](../../user/admin_area/monitoring/health_check.md)
that provide health check information when probed.

To control access to those endpoints via IP whitelisting, you can add single
hosts or use IP ranges:

**For Omnibus installations**

1. Open `/etc/gitlab/gitlab.rb` and add or uncomment the following:

   ```ruby
   gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '192.168.0.1']
   ```

1. Save the file and [reconfigure](../restart_gitlab.md#omnibus-gitlab-reconfigure) GitLab for the changes to take effect.

---

**For installations using cloud native Helm charts**

You can set the required IPs under the `gitlab.webservice.monitoring.ipWhitelist` key. For example:

```yaml
gitlab:
   webservice:
      monitoring:
         # Monitoring IP whitelist
         ipWhitelist:
         - 0.0.0.0/0 # Default
```

---

**For installations from source**

1. Edit `config/gitlab.yml`:

   ```yaml
   monitoring:
     # by default only local IPs are allowed to access monitoring resources
     ip_whitelist:
       - 127.0.0.0/8
       - 192.168.0.1
   ```

1. Save the file and [restart](../restart_gitlab.md#installations-from-source) GitLab for the changes to take effect.
Add latest changes from gitlab-org/gitlab@master 2022-05-31 20:08:20 -04:00			`---`
			`stage: Data Stores`
			`group: Memory`
			`info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments`
			`---`

			`# IP whitelist (FREE SELF)`

			`NOTE:`
			We intend to [rename IP whitelist as `IP allowlist`](https://gitlab.com/groups/gitlab-org/-/epics/3478).

			`GitLab provides some [monitoring endpoints](../../user/admin_area/monitoring/health_check.md)`
			`that provide health check information when probed.`

			`To control access to those endpoints via IP whitelisting, you can add single`
			`hosts or use IP ranges:`

			`For Omnibus installations`

			1. Open `/etc/gitlab/gitlab.rb` and add or uncomment the following:

			```ruby
			`gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '192.168.0.1']`
			```

			`1. Save the file and [reconfigure](../restart_gitlab.md#omnibus-gitlab-reconfigure) GitLab for the changes to take effect.`

			`---`

			`For installations using cloud native Helm charts`

			You can set the required IPs under the `gitlab.webservice.monitoring.ipWhitelist` key. For example:

			```yaml
			`gitlab:`
			`webservice:`
			`monitoring:`
			`# Monitoring IP whitelist`
			`ipWhitelist:`
			`- 0.0.0.0/0 # Default`
			```

			`---`

			`For installations from source`

			1. Edit `config/gitlab.yml`:

			```yaml
			`monitoring:`
			`# by default only local IPs are allowed to access monitoring resources`
			`ip_whitelist:`
			`- 127.0.0.0/8`
			`- 192.168.0.1`
			```

			`1. Save the file and [restart](../restart_gitlab.md#installations-from-source) GitLab for the changes to take effect.`