We use cookies to enhance user experience, analyze site usage, and assist in our marketing efforts. By continuing to browse or closing this banner, you acknowledge that you have read and agree to our Cookie Policy, Privacy Policy and Terms of Service.

Home Local Testing Inbound IP Whitelisting

Inbound IP Whitelisting

This guide shows you how BrowserStack’s inbound IP Whitelisting feature works.

Introduction

If you want the BrowserStack cloud to directly resolve your IP-restricted assets without passing through the Binary, we provide another solution – inbound IP whitelisting.

Pre-requisites

  • Your network resources are publicly discoverable (private.mywebsite.com) but access restricted based on the IP of the requester.

  • You can whitelist a static set of IPs to allow them access for the above.

What is IP Whitelisting?

IP Whitelisting is a BrowserStack solution where, instead of doing resolution of local assets via the Binary or the Chrome application, the BrowserStack cloud directly accesses your assets via a limited and secure set of machines whose IPs have been whitelisted by your network administrator.

How does it work?

How does it work

  • E1 Host Machine makes a call to BrowserStack backend, to signal start of testing session.

  • E2 Backend allocates an appropriate device as per requested capabilities, and asks the device to use the Repeater as a proxy.

  • E3 Backend informs the Repeater of the device allocated to the session, and asks it to allow the allocated device to use it as a proxy.

  • E4 Devices start making all network calls via the Repeater.

  • E5 Repeater checks if the request can be resolved via the public internet, or if it needs access to your network.

    Note: This can be disabled with our 'force-local' modifier, making everything go through your network.

  • E6 Repeater hits the your internal network to resolve the request. There are 2 pre-requisites:
    1. You can only resolve public-internet resources which are access-restricted to IPs within your network.
    2. You will need to whitelist inbound traffic from a set of our Repeaters. We will share a list of IPs with your company, which will need to be granted access.

      If you don't want to grant access to a large set, you can opt to have a dedicated Repeater for your account, which will be exclusively set aside for resolution to your network.

Entities:

  1. Your Network: Your subnet, controlled by your network regulator.
  2. Your Firewall: The firewall being used inside your network.
  3. Host Machine: The machine running your tests. This can but doesn’t have to be the same as the one running Your Application Server.
  4. Your Application Server: The internal staging which hosts your local assets.
  5. BrowserStack Backend: Our application for verifying credentials and general housekeeping.
  6. Repeater: Highly secure intermediary between your network and ours.
  7. Devices: Real devices, hosted in BrowserStack datacenters across the world.
  8. Public Internet: The rest of the publicly accessible internet.

Other FAQs

Q: How many IPs will I need to whitelist?

A: Depends. We provide two tiers of access for clients:

  • Shared IP whitelisting, where you will need to provide our entire fleet access
  • Dedicated IP whitelisting, where we will set aside a machine for interfacing with your network and your network alone.

Q: What if I want to access my localhost or other non-public parts of the subnet?

A: Unfortunately, you can’t access your non-public subnet via IP Whitelisting. You can, however, use a combination of the Local Binary or the Chrome application to achieve that.

Q: How do I get started with IP Whitelisting?

A: Get in touch!