Network Controls

Test securely through IP restrictions. Enforce org-wide monitoring, logging and security.

Network controls enable organizations to test securely through their IP access restrictions. Organizations can whitelist a range of BrowserStack IPs for all inbound and outbound traffic from our remote devices. It enables administrators to enforce org-wide monitoring and ensure that all traffic from BrowserStack cloud can be resolved through org’s network, for each of its user.

Outbound IP Whitelisting

Outbound IP Whitelisting allows your org’s users to connect to the BrowserStack domain (browserstack.com) through any corporate firewalls or proxy setups. This option is most frequently used when the security settings of organizations prevent connections from their internal computers to external endpoints. When enabled, your network team will whitelist access from your local machines to BrowserStack’s IP addresses, allowing your users to make outbound connections to BrowserStack.

How to Enable

1. BrowserStack will provide a list of IP addresses representing our domain.
2. Your network and security teams can whitelist the BrowserStack IP addresses in your firewall or proxy settings to allow outbound connections from your machines to our domain. You can view the list of BrowserStack IP addresses that you need to whitelist using the following API endpoint:

curl -u "YOUR_USERNAME:YOUR_ACCESS_KEY" \
-X GET "https://www.browserstack.com/user/ip_access_list"

A sample response for the above request is shown below:

{
  "message": "Success",
  "result": {
    "ip_access_list": {
      "last_updated": "2022-06-14T05:34:38.986Z",
      "ip_count": 18,
      "ip_address": [
            {
              "ip_address": "66.XXX.XXX.XXX/26",
              "updated_at": "2021-12-14T05:34:39.580Z"
            },
            {
              "ip_address": "66.XXX.XXX.XXX/21",
              "updated_at": "2022-01-14T05:34:39.580Z"
            }
          ]
    }
  }
}

Once the IP addresses are whitelisted, users will be able to access the BrowserStack cloud.

Inbound IP Whitelisting

Inbound IP Whitelisting allows the remote BrowserStack terminals to access your private staging environments. There are multiple implementations of Inbound IP Whitelisting, you can choose the best option based on your network and environment settings. Learn more about how BrowserStack’s inbound IP Whitelisting feature works.

There are four inbound whitelisting configurations. They each provide slightly different levels of access to your websites/applications:

Centralized local testing

Centralized local testing allows organizations to maintain a single local testing connection for all its users. This enables IT teams to ensure a single configuration and prevent any unauthorized access to their internal environments. This is very useful setting if IP whitelisting and running apps/binaries are restricted within your organization.

Implementation

• Your IT or Systems team will stand up a dedicated internal server that runs the BrowserStack Local Testing binary and maintains an open Local testing connection using the WSS protocol.
• BrowserStack will enable the Centralized local testing feature for your account (Contact support for the same). Once enabled, all Local testing traffic will be routed through the central connection and prevent other users within your account from launching Local testing connections with their own API keys.
• Your users will initiate tests on BrowserStack with Local testing enabled. If the BrowserStack test needs to reach any non-public URLs, the HTTP request will be routed through the central Local testing connection and will be resolved from the internal server.

Forcing force local

Organizations can choose to enable force local for all their users on BrowserStack. When this setting is enabled, all tunnel connections initiated by any of their users will ensure that all traffic is forcefully routed via the organization network setup.

• Ensure that the websites accessed via local testing are network compliant.
• Test on websites behind VPNs or proxies that allow access only from restricted IP addresses.

Tunnel connection management

Tunnel Management enables the Owner to get a birds eye view of all the tunnel connections that have been started within the organization.

• Monitor all the open connections along with details such as force local, duration etc.
• Kill a single/all tunnel connections if any discrepancies are observed.

View Tunnel management

1. In BrowserStack, visit Account.
2. Navigate to Tunnel Management under Settings.
3. You can view the active tunnel connections within your organization.

Tunnel Settings

With tunnel settings, owners of Enterprise accounts can enforce the desired tunnel configuration for all the users within the organisation.

View Tunnel settings

1. In BrowserStack, visit Account.
2. Navigate to Tunnel Management under Settings.
3. Click on the “Tunnel Settings” tab

Tunnel settings can be enforced at the organisation level or at a team level.

Once a tunnel setting is added at an organisation level, all tunnels under that organisation will comply to that configuration.

Once a tunnel setting is added at a team level, all tunnels under that team will comply to that configuration.