IP Restriction

IP restriction is a security mechanism that controls access to a digital publication based on the viewer's IP address. When enabled, only requests originating from pre-approved IP addresses or defined CIDR ranges are permitted through. All other access attempts are silently denied without revealing that the content exists. This approach ties access permissions to physical network locations rather than individual credentials, making it one of the strongest forms of access control available for digital documents. Organizations commonly use IP restriction to confine confidential materials to office networks, VPN tunnels, or specific geographic locations.

For teams distributing sensitive materials — financial reports, merger proposals, pre-release product documentation, internal training manuals — IP restriction provides a security layer that passwords alone cannot. A password can be forwarded, guessed, or shared on a sticky note. An IP restriction cannot be circumvented without physically connecting to an approved network or routing through an authorized VPN. This makes it especially valuable for regulated industries where document access must be auditable and tightly controlled. Even if a publication link is accidentally shared outside the organization, viewers on unapproved networks simply cannot open it.

FlipLink provides multiple layers of [privacy and access control](/features/privacy-and-access-control) for your publications. Rather than filtering by IP address, FlipLink gives you per-publication controls you can configure directly: keep marketing flipbooks fully public while locking confidential documents behind [password protection](/features/password-protection), an [email allowlist](/glossary/email-allowlist) of approved viewers, [link expiry](/features/link-expiry), NoIndex to keep content out of search engines, and an instant publish/unpublish toggle. These controls combine to create a multi-layered security setup. If you need to confine a publication to a specific network perimeter, you would enforce IP restriction at the network layer — for example with a corporate firewall or VPN — and pair it with FlipLink's built-in password and email-allowlist controls for layered protection.

IP restriction is the right choice when content must stay within a defined network perimeter. Common scenarios include: - **Internal-only documents**: HR policies, board presentations, and compliance materials that should never leave the corporate network. - **Client-specific deliverables**: Sharing proposals or reports with a specific client while ensuring their competitors on different networks cannot access them. - **Regulated content**: Financial disclosures, legal documents, or healthcare materials where access must be traceable to a specific location. - **Pre-launch materials**: Product announcements or press kits that need to stay within the PR agency's network until the official release date. If your audience accesses content from unpredictable locations (home offices, mobile devices on cellular networks), consider combining IP restriction with VPN access or using [password protection](/features/password-protection) as an alternative.

IP restriction is a strong perimeter control, but it works best as part of a layered security strategy: - **VPN and remote workers**: Remote employees need VPN access to reach IP-restricted content. Make sure your VPN infrastructure supports the expected number of concurrent users before restricting publications by IP. - **Dynamic IP addresses**: Some ISPs assign dynamic IPs that change periodically. If your audience uses dynamic IPs, restrict by CIDR range rather than individual addresses. - **Shared networks**: In co-working spaces or shared office buildings, multiple organizations may share the same IP range. For maximum security in shared environments, combine IP restriction with [password protection](/features/password-protection). - **Proxy and CDN considerations**: Some corporate networks route traffic through proxies that mask individual device IPs. Verify that the proxy's outbound IP is included in your allowlist.

A law firm is managing a confidential merger proposal between two publicly traded companies. They create a FlipLink flipbook containing the full proposal document and lock it down with a password and an email allowlist limited to the three teams that need access. To keep the content within their network perimeter, the firm's IT team restricts the underlying network access by IP at the firewall and VPN level — covering the law firm's office network, the acquiring company's headquarters, and the target company's executive floor. An associate traveling for a conference tries to open the flipbook from the hotel Wi-Fi and is blocked by the network policy. When the associate connects to the firm's VPN from the same hotel room, the flipbook opens immediately. Meanwhile, the firm's general marketing flipbooks remain fully public, demonstrating how FlipLink's privacy and access controls let you apply different security levels to different publications.