Inbound IP Whitelisting

If you want the BrowserStack cloud to directly resolve your IP-restricted assets without passing through the Binary, we provide another solution – inbound IP whitelisting.

• Your network resources are publicly discoverable (private.mywebsite.com) but access restricted based on the IP of the requester.

• You can whitelist a static set of IPs to allow them access for the above.

IP Whitelisting is a BrowserStack solution where, instead of doing resolution of local assets via the Binary or the Chrome application, the BrowserStack cloud directly accesses your assets via a limited and secure set of machines whose IPs have been whitelisted by your network administrator.

• E1 Host Machine makes a call to BrowserStack backend, to signal start of testing session.

• E2 Backend allocates an appropriate device as per requested capabilities, and asks the device to use the Repeater as a proxy.

• E3 Backend informs the Repeater of the device allocated to the session, and asks it to allow the allocated device to use it as a proxy.

• E4 Devices start making all network calls via the Repeater.

• E5 Repeater checks if the request can be resolved via the public internet, or if it needs access to your network.

  Note: This can be disabled with our 'force-local' modifier, making everything go through your network.

• E6 Repeater hits the your internal network to resolve the request. There are 2 pre-requisites:
  1. You can only resolve public-internet resources which are access-restricted to IPs within your network.
  2. You will need to whitelist inbound traffic from a set of our Repeaters. We will share a list of IPs with your company, which will need to be granted access.

     If you don't want to grant access to a large set, you can opt to have a dedicated Repeater for your account, which will be exclusively set aside for resolution to your network.

Entities:

1. Your Network: Your subnet, controlled by your network regulator.
2. Your Firewall: The firewall being used inside your network.
3. Host Machine: The machine running your tests. This can but doesn’t have to be the same as the one running Your Application Server.
4. Your Application Server: The internal staging which hosts your local assets.
5. BrowserStack Backend: Our application for verifying credentials and general housekeeping.
6. Repeater: Highly secure intermediary between your network and ours.
7. Devices: Real devices, hosted in BrowserStack datacenters across the world.
8. Public Internet: The rest of the publicly accessible internet.

Q: What if I want to access my localhost or other non-public parts of the subnet?

A: Unfortunately, you can’t access your non-public subnet via IP Whitelisting. You can, however, use a combination of the Local Binary or the Chrome application to achieve that.