Whitelisting IPs to be able to receive webhooks

Hi n8n community :slight_smile:

How can I whitelist an IP in order to be able to receive webhook from a thirdparty to my n8n workflow?

Best regards,

Hi @Rmn_Ornk :wave: Welcome to the community :tada:

You could use a reverse proxy if you need this to be IP based - this would have to be handled before the request reaches n8n, essentially.

If you control the service that makes the request, the easiest solution would be adding authentication to the HTTP Request node. n8n checks then if the given user & password matches (Basic Auth) or a required header has the correct value (Header Auth). But since you mentioned third party, this may not be an option for you.

Hi @EmeraldHerald and thanks a lot for taking the time to answer.

Yeah, it is a third party service that requires it to send webhooks so I may not go for the second option.

How would the first option work, and is there any documentation about it (I couldn’t find it)?

HI @Rmn_Ornk - no worries, I had a feeling that might be the case!

Can you tell me how you’ve installed n8n so I can get you the right information? This template would be helpful:

  • n8n version:
  • Database (default: SQLite):
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • Running n8n via (Docker, npm, n8n cloud, desktop app):
  • Operating system:

I’m using n8n cloud @EmeraldHerald - is it possible in this case?

Hi @Rmn_Ornk - I’m afraid it wouldn’t be at this point in time :see_no_evil: You could however head over to our Feature Request section of the forum, since our product team reads it regularly, and it looks like this has been requested at least once: Feature to restrict webhook_url for n8n

You can upvote and add your use-case to the thread :slight_smile:

Ok @EmeraldHerald, thanks a lot for taking the time to answer me! I’ll reopen the topic on the product side then :wink:

1 Like

@Rmn_Ornk Feature to restrict webhook_url for n8n - Feature Requests - n8n is a different, but related, topic as it deals with the ability to login to the GUI using both the base_url and the webhook_url; n8n treats them as equal.

The best solution is to block all requests at the WAF or reverse proxy level. An alternative approach would be to include the whitelist in a Set node and, immediately after the webhook is called, use an IF node to check to see if the source IP is in the whitelist and, if it is not, return a 403 error. Alternatively, you could use a Filter node to only process requests that are in the whitelist which will lead to all other requests timing out. You would, of course, need to configure the webhook to respond using the ‘Respond to Webhook’ node.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.