The IP Allowlist page lets you specify a list of IP addresses that can access your Looker instance. When the IP allowlist is enabled, your Looker instance filters IP addresses at the application level, allowing connections from only the IP addresses on the allowlist. Looker refuses connection attempts from all other IP addresses. When the IP allowlist is disabled, your Looker instance can accept connections from any IP address.
To integrate Git pull requests with any LookML projects, you need to add to the allowlist the range of IP addresses from which your Git provider makes outbound requests. For example, current GitHub IP addresses are listed in the GitHub changelog. IPs are subject to change and will be different for other Git providers.
The IP Allowlist page is available only for Looker-hosted instances. Customer-hosted instances will not see this option in the Admin menu. To view the IP Allowlist page, from the Server section of the Admin menu, select IP Allowlist.
The IP Allowlist page lists the rules that you use to configure which IP addresses and subnet masks can access your Looker instance. Each rule also defines whether users from those IP addresses can log in only from the Looker UI, only from the Looker API, or from both sources.
In addition to viewing existing IP allowlist rules, you can:
- Activate or deactivate the IP allowlist. When the allowlist is active, only users from listed IP addresses can connect.
- Define a new rule, which adds more IP addresses to the allowlist.
- Activate, deactivate, edit, or delete an existing rule.
Adding your IP address
If the IP allowlist has no rules defined, as when you first access the list, a tooltip next to the Active switch displays a warning about adding your IP address to the allowlist.
Click Allowlist me! to have Looker create a custom rule that adds your IP address to the allowlist.
If you activate the allowlist without first adding your own IP address, you will not be able to access your instance!
Adding a new rule
Click Add Rule to add an IP address or a range of addresses to the allowlist:
- Enter a name for the new rule.
- Enter a range of approved IP addresses using an IP address and a subnet mask, as described in CIDR notation.
- Specify whether the new rule applies only to login attempts from the Looker UI, only to login attempts from the Looker API, or to login attempts from both sources.
- Click Submit.
Adding 50 or more rules may negatively impact Looker’s performance.
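The following Python check is an added example, not Looker's own code or API. It models a rule set with the three fields from the Add Rule form and verifies, before the allowlist is activated, that your own address is covered by a UI rule and that the rule count stays under 50. The field names, the scope values "ui", "api" and "both", and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample rules modelling the fields on the Add Rule form:
# a name, a CIDR range, and where the rule applies ("ui", "api" or "both").
# Addresses are taken from the reserved documentation ranges.
SAMPLE_RULES = [
    {"name": "office", "cidr": "198.51.100.0/24", "scope": "ui"},
    {"name": "ci-runner", "cidr": "203.0.113.16/28", "scope": "api"},
    {"name": "vpn", "cidr": "2001:db8:10::/48", "scope": "both"},
]

RULE_COUNT_WARNING = 50  # the page warns about 50 or more rules


def parse_rules(rules):
    """Validate each rule and return (name, network, scope) tuples."""
    parsed = []
    for rule in rules:
        if rule["scope"] not in ("ui", "api", "both"):
            raise ValueError(f"rule {rule['name']!r}: unknown scope {rule['scope']!r}")
        # strict=True rejects ranges with host bits set (e.g. 198.51.100.7/24),
        # which usually means the address or the mask was mistyped.
        network = ipaddress.ip_network(rule["cidr"], strict=True)
        parsed.append((rule["name"], network, rule["scope"]))
    return parsed


def matching_rules(rules, client_ip, source):
    """Names of the rules that admit client_ip for source ("ui" or "api")."""
    address = ipaddress.ip_address(client_ip)
    return [
        name
        for name, network, scope in parse_rules(rules)
        if scope in (source, "both") and address in network
    ]


def preflight(rules, admin_ip):
    """Problems to resolve before switching the allowlist to Active."""
    problems = []
    if not matching_rules(rules, admin_ip, "ui"):
        problems.append(f"{admin_ip} is not covered by any UI rule: lockout risk")
    if len(rules) >= RULE_COUNT_WARNING:
        problems.append(f"{len(rules)} rules: 50 or more may affect performance")
    return problems


if __name__ == "__main__":
    print(preflight(SAMPLE_RULES, "203.0.113.20"))
```

Note that an address covered only by an API-scoped rule, such as 203.0.113.20 in the sample, is still reported as a lockout risk for UI access.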