Restrict Web App Access on a group level from public internet

Hope you are safe and well.

We want to restrict users from public internet to allow only managers to access the web console and block the artists to access. From Studio, both should be able to access.

Please let know if the below workflow makes any sense.

This might be a good reference to understand Shotgun IP List

I am not aware of the actual process, but somehow if we could setup two proxy servers ( artists and managers ) and whitelist those 2 servers’ IP (+ studio IPs) in shotgun configuration.

All have to login via these servers (credentials of respective proxy servers) from public internet to access [xyz.shotgunstudio.com]

And in the artist proxy server, we can blacklist/block the IP ranges dealing with web app of shotgun, and allow other IPs of shotgun features.

This might also help in setting up proxy servers

Please let me know your thoughts on the same.

Thanks.

2 Likes

The prerequisites is to keep proxy server ip (or url) secret. I think it would be a little challenge for long run. It is better to add extra user authentication for the proxy server. But haproxy doesn’t provide user based acl

Loney

2 Likes