Control who can access your agency's portals and application by configuring IP address allowlists and blocklists, strengthening your network-level security posture.

### Overview

IP address access rules let you restrict access to your eCourtDate portals and application based on the network a person is connecting from. By maintaining an allowlist, you ensure that only connections from approved IP addresses (such as your courthouse, office building, or VPN) can reach your portals. By maintaining a blocklist, you can explicitly deny access from known problematic IP addresses. This feature is critical for government agencies that must comply with security policies requiring network-level access controls.

- **What it does:** Allows you to define IP addresses or ranges that are permitted or blocked from accessing your portals and application.
- **Why it matters:** Adds a layer of security beyond username and password authentication, helping your agency meet compliance and audit requirements.
- **Who should use it:** IT administrators, security officers, and agency administrators responsible for access control and security policy enforcement.
- **Expected outcome:** Only connections from approved IP addresses can access your portals, while blocked addresses are denied access and logged for review.

### Prerequisites

Before configuring IP address access rules, make sure you have:

- An active eCourtDate staging or production agency account
- Super Admin role or **General Settings** update permissions
- The IP addresses or IP ranges (CIDR notation) that your agency wants to allow or block
- Coordination with your IT department to identify all IP addresses used by your agency's offices, remote workers, and VPN endpoints
- At least one web portal configured in your agency (for portal-specific rules)

### How-To Steps

#### Step 1: Navigate to IP Address Settings

1. Click **Admin** in the top navigation bar.
2. Select **Settings** from the dropdown menu.
3. Click the **IP Addresses** tab on the settings page.
4. Review any existing IP address rules in the list. Each rule displays the IP address or range, rule type (allow or block), and scope (agency-wide or portal-specific).

#### Step 2: Add an IP Address to the Allowlist

1. Locate the **Create IP Rule** form on the left side of the page.
2. Enter the IP address in the **IP Address** field. You can enter:
   - A single IP address (for example, `192.168.1.100`)
   - An IP range using CIDR notation (for example, `10.0.0.0/24` to cover all addresses from 10.0.0.0 to 10.0.0.255)
3. Select **Allow** from the **Rule Type** dropdown.
4. (Optional) Select a specific portal from the **Portal** dropdown to apply the rule to only that portal. Leave blank to apply the rule agency-wide.
5. (Optional) Enter a **Description** to document the purpose of this rule (for example, "Main courthouse network" or "IT department VPN").
6. Click **Create** to save the rule.

#### Step 3: Add an IP Address to the Blocklist

1. In the **Create IP Rule** form, enter the IP address or range you want to block in the **IP Address** field.
2. Select **Block** from the **Rule Type** dropdown.
3. (Optional) Select a specific portal or leave blank for agency-wide enforcement.
4. (Optional) Enter a **Description** to explain why this address is blocked (for example, "Repeated unauthorized access attempts").
5. Click **Create** to save the rule.

#### Step 4: Edit or Remove an Existing Rule

1. In the IP address rules list, locate the rule you want to modify.
2. Click **Edit** next to the rule.
3. Update the IP address, rule type, portal scope, or description as needed.
4. Click **Save** to apply your changes.
5. To remove a rule entirely, click the **Delete** or **Archive** option next to the rule.

#### Step 5: Test Your Access Rules

1. After creating allowlist rules, attempt to access your portal from an allowed IP address. Verify that access is granted successfully.
2. If possible, attempt to access the portal from an IP address that is not on the allowlist. Verify that access is denied.
3. For blocklist rules, attempt to access the portal from the blocked IP address and confirm that access is denied.
4. Check the access logs (see Step 6) to verify that your test attempts are recorded correctly.

#### Step 6: Monitor Access Attempts

1. Navigate to **Admin** > **Settings** > **IP Addresses**.
2. Review the access log section for recent connection attempts.
3. Look for entries from blocked IP addresses. Each entry typically shows the IP address, timestamp, and access result (allowed or denied).
4. Investigate any unexpected access attempts from unfamiliar IP addresses.
5. If you identify a new problematic IP address in the logs, add it to the blocklist following Step 3.

### What to Expect

After configuring IP address access rules, enforcement takes effect immediately. Connections from allowed IP addresses proceed normally, while connections from blocked (or non-allowlisted, if an allowlist is active) IP addresses are denied. Staff members connecting from outside your approved networks (for example, from home without a VPN) are unable to access the portal unless their IP address is added to the allowlist. Blocked access attempts are logged so you can review them at any time.

### Best Practices

- **Use CIDR ranges for office networks.** Instead of adding individual IP addresses for every workstation, use CIDR notation to cover your entire office subnet (for example, `10.0.0.0/24`).
- **Include VPN endpoints.** If your staff connects remotely through a VPN, add the VPN's exit IP addresses to the allowlist to ensure remote workers are not locked out.
- **Document every rule.** Use the **Description** field to record why each IP address was added. This helps future administrators understand the purpose of each rule and decide whether to keep or remove it.
- **Review rules quarterly.** IP addresses change as offices move, ISPs update configurations, or staff work from new locations. Schedule a quarterly review to remove outdated rules and add new ones.
- **Test before enforcing broadly.** When setting up allowlist rules for the first time, start with a single portal before applying rules agency-wide. This lets you verify your configuration without risking a lockout across all portals.

### Frequently Asked Questions

**Q: What happens if I enable an allowlist but forget to add my own IP address?**
A: You may lose access to the portal from your current network. If this happens, sign into the eCourtDate application (not the portal) using your admin credentials and add your IP address to the allowlist. The application and portal access rules may be configured independently.

**Q: Can I apply different IP rules to different portals?**
A: Yes. When creating a rule, select a specific portal from the **Portal** dropdown to limit enforcement to that portal. Rules without a portal selection apply agency-wide.

**Q: Does blocking an IP address affect users who are already signed in?**
A: Blocking an IP address prevents new connections from that address. Depending on session configuration, users who are already signed in from a blocked IP address may be disconnected on their next request or when their session expires.

**Q: Can I use IPv6 addresses in my rules?**
A: Check your agency's current configuration. eCourtDate supports the IP formats available in your settings. If you are unsure whether IPv6 is supported for your agency, contact eCourtDate support for clarification.

**Q: How do I find out which IP address my office uses?**
A: From any workstation in your office, visit a site like whatismyip.com to see your public IP address. Coordinate with your IT department to confirm the full range of IP addresses used by your network.

**Q: Are IP address rules enforced for the eCourtDate admin application as well?**
A: IP rules configured in the portal settings apply to portal access. Application-level access rules may be configured separately. Consult with your IT team or eCourtDate support to set up access rules for the admin application.

### Troubleshooting

**Issue:** A staff member cannot access the portal from the office.
**Symptoms:** The staff member receives an access denied or connection refused error when trying to load the portal from an office workstation.
**Solution:**

1. Ask the staff member to check their current public IP address (using a tool like whatismyip.com).
2. Navigate to **Admin** > **Settings** > **IP Addresses** and verify that the IP address or its range is on the allowlist.
3. If the IP address is not listed, add it to the allowlist and click **Create**.
4. Ask the staff member to refresh the portal page and try again.
5. If the issue persists, check whether the IP address is also on the blocklist. If it appears on both lists, remove it from the blocklist.

**Issue:** Access from a blocked IP address is not being denied.
**Symptoms:** You added an IP address to the blocklist, but connections from that address still succeed.
**Solution:**

1. Navigate to **Admin** > **Settings** > **IP Addresses** and confirm the blocklist rule is present and correctly formatted.
2. Verify the IP address is entered exactly as it appears in the access logs (check for typos or incorrect CIDR notation).
3. Check whether there is a conflicting allowlist rule for the same IP address or a broader range that includes it. Allowlist rules may take precedence.
4. If the issue persists, clear the portal's cache and test again, or contact eCourtDate support for assistance.

### Related Articles

- [How to Create Web Portals](/how-to-create-web-portals)
- [Roles and Permissions](/roles-and-permissions)