IP whitelisting

Instructions for utilizing IP whitelisting to protect your data.


Labelbox server address

Another way to protect your data from unauthorized access is to whitelist an IP range. For example, you can put your source data behind a local network or VPN. Then, whitelist the IP range of your VPN so you can access and review data from anywhere and better manage access to your network. Or you can whitelist the IP range of your outsourced labeling team's wifi network. This way external team members can label and review the data without VPN access.


Not compatible with delegated access integrations

This configuration is only recommended when using a non-delegated access configuration.

It doesn't work with delegated access integrations.

IP whitelisting for AWS S3

You can set up IP whitelisting for AWS S3 with an IP address bucket policy. Once set up, you can only access assets while connected to your VPN or wifi network. Once you disconnect from your VPN or wifi network, the assets will no longer load.

  "Version": "2012-10-17",
  "Id": "S3PolicyId1",
  "Statement": [
      "Sid": "IPAllow",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [ "s3:GetObject" ],
      "Resource": "arn:aws:s3:::examplebucket/*",
      "Condition": {
         "IpAddress": {"aws:SourceIp": ""},

Find your IP range

Typically a router will be configured for 255 IP addresses. Visit whatsmyip.org to see your computer’s IP address. For example, if it were, your IP range would be -

You should contact an administrator to get a static IP range if you're under a company VPN.