Following the recent announcement of IP Allow List support in Beta for SonarQube for Cloud Enterprise customers, we tried to enable this for our Enterprise following the documentation on IP allow lists | SonarQube Cloud | Sonar Documentation.
Before making the change I ensured that I was using an IP address that had been added to the config successfully.
After enabling the allow list, I started to be randomly logged out of SonarQube for Cloud when navigating around the UI. I would suddenly find myself redirected to the Sign In screen, with the URL containing &error=authentication and the message You are not authenticated. Please log in and try again.
I could log back in successfully, but I found I would keep receiving the above error. The timing was inconsistent- sometimes it happened almost instantly, and other times it would be after navigating through several screens. I also tested the behaviour in a clean/incognito browser to ensure there were no caching issues.
Thankfully I was able to stay logged in for long enough to navigate to the admin settings and remove the IP allow list to fix the issue.
The error message was unclear, so I’m not sure if this was due to an IP issue or a bug with the SonarQube implementation.
Is this a known issue, or are there any troubleshooting steps I can follow?
I checked our logs and it seems that your network is routing you to different IPs (we receive different IPs for your interactions with our APIs).
Probably, one of those IPs was not in your allowlist, which explains the inconsistent behavior.
Also, please keep in mind that IP allowlists are cached for a duration of 5 minutes. So any changes on the allowlist might take up to 5 minutes to be fully taken into account, during this period you might experience an inconsistent behavior.
Hi Nour, apologies for the very late response here, but I’m coming back to this now. Out of interest, how does IP limiting work across IPv4 and IPv6 addresses? For example if I only added IPv4 addresses, would it just limit based on that regardless of the IPv6 being used to access?
I’ll be working on re-implementing the change soon, so I’ll keep you updated!