The IP Whitelist page lets you specify a list of IP addresses that can access your Looker instance. When the IP whitelist is enabled, your Looker instance filters IP addresses at the application level, allowing connections from only the IP addresses on the whitelist. Looker refuses connection attempts from all other IP addresses. When the IP whitelist is disabled, your Looker instance can accept connections from any IP address.
To integrate Git pull requests with any LookML projects, you will need to whitelist the range of IP addresses from which your Git provider makes outbound requests. For example, current Github IP addresses are listed in the Github changelog. IPs are subject to change and will be different for other Git providers.
The IP Whitelist page is available only for Looker-hosted instances. Customer-hosted instances will not see this option in the Admin menu. To view the IP Whitelist page, from the Server section of the Admin menu, select IP Whitelist.
The IP Whitelist page lists the rules that you use to configure which IP addresses and subnet masks can access your Looker instance. Each rule also defines whether users from those IP addresses can log in only from the Looker UI, only from the Looker API, or from both sources.
In addition to viewing existing IP whitelist rules, you can:
- Activate or deactivate the IP whitelist. When the whitelist is active, only users from listed IP address can connect.
- Define a new rule, which adds more IP addresses to the whitelist.
- Activate, deactive, edit, or delete an existing rule.
Adding Your IP Address
If the IP whitelist has no rules defined, such as will be the case when you first access the list, a tooltip next to the Active switch displays a warning about adding your IP address to the whitelist:
Click Whitelist me! to have Looker create a custom rule that adds your IP address to the whitelist:
If you activate the whitelist without first adding your own IP address, you will not be able to access your instance!
Adding a New Rule
Click Add Rule to add an IP address or a range of addresses to the whitelist:
- Enter a name for the new rule.
- Enter a range of approved IP addresses using an IP address and a subnet mask, as described in this discussion of CIDR notation.
- Specify whether the new rule applies only to login attempts from the Looker UI, only to login attempts from the Looker API, or to login attempts from both sources.
- Click Submit.
Adding 50 or more rules may negatively impact Looker’s performance.