The Access Control page lets you protect your subscription URL by controlling who can request it and how your service credentials are managed.
This is the main place to configure IP allowlisting, and depending on the portal or product configuration, you may also see a subscription request rate limit option.
Important behavior
If IP allowlisting is enabled but no allowed IP or CIDR entries are configured, subscription access remains blocked until you add valid entries or disable the allowlist.
1. What This Page Controls
The subscription access control page is focused on the subscription URL, not on general browsing of the client area.
- It controls which IP addresses are allowed to fetch your subscription.
- It may control how frequently subscription requests are accepted from one IP, if that option is enabled in your portal.
- It also includes credential actions such as resetting your UUID or subscription URL.
2. Before You Start
- Know where your subscription will be downloaded from, such as your home IP, office IP, VPN gateway, or automation server.
- If your IP changes often, avoid enabling a strict allowlist unless you are ready to keep it updated.
- If you use multiple trusted networks, prepare all required IP or CIDR entries in advance.
- Remember that changing UUID or subscription URL credentials will require clients to re-import the updated link.
3. How IP Allowlisting Works
- When Allowed IPs only is enabled, only listed IP addresses or CIDR ranges can access the subscription URL.
- Both IPv4 and IPv6 are supported.
- You can enter either a single IP, such as
1.2.3.4, or a CIDR range, such as1.2.3.0/24or2001:db8::/32. - If an incoming request does not match any allowed entry, the subscription request is denied.
4. How to Add Allowed IP or CIDR Entries
- Open your Product Details Page in the client area.
- Open Access Control.
- Enable Allowed IPs only if it is not already enabled.
- Enter the IP address or CIDR range in the Allowed IP/CIDR field.
- Optionally enter a Remark so you can remember what that entry is used for.
- Click Add.
- Repeat the process for each additional trusted IP or network.
You can remove an existing allowlist entry later by using the Delete button next to that rule.
5. Subscription Rate Limiting
Some client portals may expose a subscription request rate limit option.
- When enabled, subscription URL requests are limited per IP within a short time window.
- The setting is typically expressed as Max requests per minute.
- This helps reduce abuse, accidental request loops, or over-aggressive polling by clients and scripts.
Note
If your Access Control page does not show rate limit options, your current product or deployment may not expose that setting in the UI.
6. Credential Management
The Access Control page also includes actions for rotating your subscription credentials.
- Reset UUID: Changes the UUID used by the subscription. Existing client configurations stop working until re-imported.
- Reset subscribe URL: Invalidates the current subscription URL and generates a new one.
Important warning
After resetting UUID or subscription URL credentials, you must re-import the updated subscription link in your proxy client. Existing links and configurations will stop working.
7. Activity Log and Auditing
Changes made from the Access Control page can be reviewed from the service activity log.
- You can use this to verify when access rules were changed.
- It is also useful for checking whether credentials were rotated intentionally.
- If multiple administrators or users are involved, the activity log can help explain unexpected access behavior.
8. Important Notes and Limitations
- Access control settings apply to the subscription URL, not to all other service functions.
- If you enable IP allowlisting without valid entries, subscription access is blocked.
- Frequent IP changes can make strict allowlisting inconvenient for mobile or roaming users.
- Resetting credentials is disruptive and should be done only when needed.
- Depending on deployment, some advanced controls such as rate limiting may or may not be visible in the client interface.
Recommended Workflow
- Start by deciding whether your subscription should be accessible from anywhere or only from trusted IPs.
- If you enable IP allowlisting, add all required IP or CIDR entries before relying on the setting.
- Use remarks so you can identify each rule later.
- Only reset UUID or subscription URL credentials when a link may have been exposed or rotated intentionally.
- After any credential reset, immediately update your proxy clients with the new subscription link.