How to whitelist certain IPs to the application?

Is there a way to add nginx.ingress.kubernetes.io/whitelist-source-range annotation via Qovery to limit the access to the application to certain IP addresses?

1 Like

Hi,

We do not propose it yet, but this is something we can consider easily. Please add/vote for it in the roadmap.

Thanks

Hi @prki, I can take a look at making this parameter configurable via our application advanced settings. We can do it for next week if it works for you.

1 Like

Yes, please! :slightly_smiling_face: We want to only accept traffic from Cloudflare IP ranges to enforce their WAF and Cloudflare Access authorization rules.

1 Like

OK, I'll come back to you here once it's available.

1 Like

Hi, is there any update or ETA for this?

Hi @prki - not yet, sorry - I'll keep you posted when we have an ETA. We'll try our best to provide it ASAP. It's possible that you will have something next week.

Hi @prki, I've discussed this with @Pierre_Mavro, and it seems that officially supporting IP whitelisting would take more time than expected. The reason is that Qovery uses NLBs at the moment and we'd need to replace them with ALBs. The good news is that we plan to make it configurable. The bad news is that it will take time.

Potential solution

I would recommend you take a look at Cloudflare to whitelist by IP addresses in the meantime.

You can use their WAF for free and then filter by IP addresses (and even other options).

Let me know if this solution fits you.
Romaric.

It would be enough for us if you could just expose this ingress option: nginx.ingress.kubernetes.io/whitelist-source-range.

We are using Cloudflare Access, which does SSO authentication for our internal apps and proxies only the authenticated traffic. However, it can currently be beaten by using your application URLs to access them directly, skipping Cloudflare. We would need to put Cloudflare network ranges in our application whitelist for this to work properly.

My bad, yes it’s totally possible with Nginx ingress. However, it won’t work for databases as it will require changes that @rophilogene said above.

So for HTTP applications, we can implement the whitelist easily :slight_smile:

Hi @prki, I will add the whitelist-source-range option to the application advanced settings next week. I will keep you posted.

Hi @rophilogene, any news on this? IP whitelisting would be very useful.

Hi, scheduled for this week :slight_smile:

1 Like

Hi @JrmyDev @prki, just to let you know that the option has been added, it's in review, and it will be released early next week.

1 Like

Hi @prki @JrmyDev, the option has been released. I can give you access to the V3 to make the configuration easier. Do you want that?

Here are the instructions to set up the IP whitelisting for your app via curl:

Usage

To use the Qovery app advanced settings API:

  1. Check out our API documentation.
  2. Create an API token.

:warning: Keep your API token secure - never share it with anyone.

Whitelist IP addresses

To whitelist only some IPs like:

  • 1.1.1.1
  • 42.42.42.42
  • 11.11.11.11

You can run the following curl command:

curl -X PUT -H 'Authorization: Token <your API token>' -H 'Content-type: application/json' \
-d '{"network.ingress.whitelist_source_range": "1.1.1.1,42.42.42.42,11.11.11.11"}' \
"https://api.qovery.com/application/:appId/advancedSettings"

:warning: Then redeploy your application to apply the change.

The default value is: 0.0.0.0/0, which means all the IPs are whitelisted.

Your Application ID (appId) is the last ID in your console.qovery.com URL. E.g. for https://console.qovery.com/platform/organization/141c07c8-0dd9-4623-983b-3fdd61867777/projects/4ac1185f-4b7c-4f12-95b6-0690f796bbbb/environments/1109c4d2-ffbb-49d6-9826-f5a7ca3a8888/applications/3cc850c6-cc4f-46bc-ad05-c90f7b597333/summary the Organization ID is 3cc850c6-cc4f-46bc-ad05-c90f7b597333


Here is a small tutorial for Qovery V3

1 Like
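An added example (not Qovery's code and not part of the posts above): a Python helper that validates and collapses a list of source ranges into the value for `network.ingress.whitelist_source_range` before it is sent with the curl command above, rejecting a catch-all range that would leave the application open to every address. The sample ranges are constructed documentation addresses, not Cloudflare's published ranges, and the function names are hypothetical.

```python
import ipaddress
import json

SETTING_KEY = "network.ingress.whitelist_source_range"  # key from the post above

# Constructed sample input (documentation ranges), standing in for the real list.
SAMPLE_RANGES = ["198.51.100.0/25", "198.51.100.128/25",
                 "203.0.113.0/24", " 192.0.2.10 ", "203.0.113.0/24"]

def normalize_ranges(entries):
    """Validate each entry and return collapsed, sorted CIDR strings."""
    nets = []
    for raw in entries:
        entry = raw.strip()
        if not entry:
            continue
        try:
            # strict=True rejects entries with host bits set (198.51.100.7/24)
            # and anything that is not an IP or CIDR, such as a hostname.
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            raise ValueError(f"not an IP address or CIDR: {entry!r}") from exc
        if net.prefixlen == 0:
            # 0.0.0.0/0 (the default) or ::/0 allows everyone.
            raise ValueError(f"{entry} matches every address")
        nets.append(net)
    if not nets:
        raise ValueError("empty allowlist")
    # collapse_addresses merges adjacent/duplicate ranges; it needs one IP version.
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return [str(n) for n in list(v4) + list(v6)]

def build_payload(entries):
    """JSON body for the PUT .../advancedSettings request shown above."""
    return json.dumps({SETTING_KEY: ",".join(normalize_ranges(entries))})

def is_allowed(client_ip, entries):
    """Would a client with this source IP pass the allowlist?"""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(c) for c in normalize_ranges(entries))

if __name__ == "__main__":
    print(build_payload(SAMPLE_RANGES))
    print(is_allowed("192.0.2.11", SAMPLE_RANGES))  # address outside the list
```

The printed JSON can be passed to curl with `-d`; the application still has to be redeployed for the change to apply, as the post says.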

Yes please :star_struck:
We could also access v2 if needed?
Thanks

Sent from my iPhone

1 Like

@rophilogene any news about v3 access? Thanks

I used to have V3 access but it doesn't work for me anymore. Please check; I would prefer to have a UI to quickly see these things.

Does it work with a hostname? In my case I don't have a static IP.