By default the application only allows access from the local ip address. The whitelist can be managed through the configuration file.

The whitelist is based on an array containing addresses or address ranges in the IPv4 address range. Several address or address range formats are supported.

A single asterisk character is used to allow access from any IP address:

'whitelist' => [
    '*',
]

Currently there is only one "hostname" supported which is localhost. This is simply an alias of 127.0.0.1:

'whitelist' => [
    'localhost',
]

'whitelist' => [
    '10.0.0.1',
]

Wildcards can be used to denote a range of IP addresses. When using wildcards the first address in the range will have the wildcard replaced by 0 and the last address in the range will have the wildcard replaced by 255. All octets of an address can be replaced by a wildcard expect for the first one.

Multiple wildcards can also be used:

'whitelist' => [
    '10.0.0.*',
    '192.168.*.*',
]

The above example allows access from two address ranges:

10.0.0.0 - 10.0.255

and

192.168.0.0 - 192.168.255.255

Another option to denote a range of ip addresses is as follows:

'whitelist' => [
    '10.0.0.1-10.0.0.24',
]

This allows all IP address in that range access (including the start and end address).

'whitelist' => [
    '10.0.0.10/24',
]