Restrict access to your preview environments by IP address.

Availability

IP allowlists are available on the Business plan only.

How It Works

When an IP allowlist is configured, only requests from the specified IP addresses or ranges can access the environment. All other requests are blocked.

Setting an IP Allowlist

Per Environment (CLI)

Use the --ip-allow flag with CIDR notation:

prev create . --ip-allow 10.0.0.0/8,192.168.1.0/24

Multiple ranges are separated by commas.

Per API Key (Dashboard)

Set a default IP allowlist for all environments created with a specific API key:

  • Go to Dashboard > API Keys
  • Edit or create an API key
  • Enter IP ranges in the IP Allowlist field
  • Optionally check Lock Allowlist to prevent the CLI from adding additional IPs

    • CIDR Notation Examples

    CIDRDescription
    %%INLINECODE_1%%Single IP address
    %%INLINECODE_2%%256 addresses (192.168.1.0 - 192.168.1.255)
    %%INLINECODE_3%%Class A network
    %%INLINECODE_4%%All addresses (effectively disables the allowlist)

    Combining with Password Protection

    IP allowlists and password protection can be used together for layered security:

    prev create . --ip-allow 10.0.0.0/8 --credentials admin:secret

    Visitors must come from an allowed IP and provide valid credentials.

    Locked Allowlists

    When a Business admin locks an API key's allowlist, the --ip-allow CLI flag is ignored for that key. This ensures team members cannot bypass IP restrictions set by the admin.