How to configure an IP whitelist for the CubeBackup web console.


IP whitelist

Implementing an IP whitelist for the CubeBackup web console provides another layer of protection for all communications with your backup server. This is useful to restrict access from unknown sources or unauthorized machines in your office network.

Instructions

Starting from version 4.9, CubeBackup allows you to enable IP whitelisting to the web console and the CubeBackup APIs with a few simple operations.

  1. Open the config file config.toml on the backup server using a text editor.

    Note:
    Starting with version 4.7, the configuration file is located at <installation directory>/etc/config.toml for fresh installations of CubeBackup. For installations upgraded through the console, or versions prior to 4.7, the configuration file is still located at <installation directory>/bin/config.toml.
         On Windows, the installation directory is located at C:\Program Files\CubeBackup4 by default.
         On Linux, the installation directory is located at /opt/cubebackup by default.

  2. Under the [Web] section, add a list of trusted IP addresses to the IPWhitelist array. If your config.toml file does not contain this field, please manually add it to the [Web] section.

    The IPWhitelist field accepts values in the format of IPv4, IPv6, or IP ranges of your office network.

    The [Web] section should be formatted like the example below after modification.

    [Web]
    ...
    IPWhitelist = ["192.168.10.1/24","2001:0db8::1428:57ab"]
    ...
  3. This will cause requests from non-whitelisted IP addresses to the CubeBackup console and the CubeBackup APIs to be automatically rejected.

  4. If you only wish to restrict API access, you can add or edit the IPWhiteList field in the [API] section. This will block API requests from the non-whitelisted IP addresses to your CubeBackup server.
    The [API] section should be formatted like the example below after modification.

    [API]
    Enabled = true
    IPWhitelist = ["192.168.10.1/24","2001:0db8::1428:57ab"]
  5. For even more granular settings, you can go further and add the IPWhiteList field to a specific API client in the corresponding [[API.Clients]] section. This will restrict API requests for this particular client to only the whitelisted IP addresses.
    The [[API.Clients]] section should be formatted like the example below after modification.

    [[API.Clients]]
    Name = "[email protected]"
    Id = "b83ffc173eb4bbc45cde2…e648daa96bb"
    Admin = true
    IPWhitelist = ["192.168.10.1/24","2001:0db8::1428:57ab"]