Secure Your App with IP Security
Hello Tadabase users! Welcome to another episode of "Build It With Tim." Today, we're going to dive into the world of IP security within your Tadabase application. If you want to ensure the utmost security for your app, IP security is a valuable feature that can help you achieve that. Let's explore how you can enable and use it effectively.
Goal: The goal of this guide is to show you how to enable and utilize IP security in your Tadabase application to control access based on IP addresses. You'll learn how to whitelist or blacklist specific IPs and even customize messages for unauthorized access.
Instructions:
1. Enabling IP Security:
- To start using IP security, go to your app's settings and navigate to app security settings.
- Simply enable IP security from the options available.
2. Whitelist or Blacklist IPs:
- After enabling IP security, you can choose to either allow or block a list of IPs.
- If you opt to block specific IP addresses, you can set up a custom message to be displayed when users from those IPs attempt to access your application.
3. Customize the Custom Message:
- Customize the custom message by using variables, such as the captured IP address. For example, you can display a message like "Sorry, the following IP Address: {ip}, is not authorized to view this page."
4. Utilize CIDR Blocks:
- IP security also supports CIDR blocks, allowing you to group and manage multiple IP addresses together.
- Use CIDR notation to specify the range of IP addresses you want to allow or block.
- You can find online calculators or generators to help you generate CIDR block notations.
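The allow/block behaviour from steps 2 to 4, modelled as an added Python example; it is not Tadabase's code. The function names, the `mode` values and the sample addresses (documentation ranges) are assumptions made for illustration; only the `{ip}` message variable comes from the guide.

```python
import ipaddress

# Message text from the guide; {ip} is replaced with the visitor's address.
DENY_MESSAGE = ("Sorry, the following IP Address: {ip}, "
                "is not authorized to view this page.")


def parse_entries(entries):
    """Parse single IPs and CIDR blocks; a lone IP becomes a one-address network."""
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries]


def check_access(client_ip, entries, mode):
    """Return (allowed, message).

    mode='allow': only listed addresses pass.
    mode='block': listed addresses are refused, everything else passes.
    """
    if mode not in ("allow", "block"):
        raise ValueError("mode must be 'allow' or 'block'")
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        # Unparseable address: fail closed, and do not echo raw input back.
        return False, DENY_MESSAGE.format(ip="(invalid)")
    listed = any(addr.version == net.version and addr in net
                 for net in parse_entries(entries))
    allowed = listed if mode == "allow" else not listed
    return allowed, "" if allowed else DENY_MESSAGE.format(ip=addr)


if __name__ == "__main__":
    # Constructed sample list: one CIDR block and one single address.
    sample = ["203.0.113.0/24", "198.51.100.7"]
    for ip in ("203.0.113.50", "198.51.100.7", "192.0.2.1"):
        for mode in ("allow", "block"):
            print(ip, mode, check_access(ip, sample, mode))
```

Switching the same list from block to allow inverts the result for every address, so an allow list that omits your own address locks you out.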
Taking It Further: But let's not stop there. In true "Build It With Tim" fashion, we'll explore more advanced options:
1. Set Up IP Address Storage:
- Create a new table in your data builder to store IP addresses. You can mark them as active or inactive (whitelisted or blacklisted) using radio fields.
2. Capture User IP:
- Add a text field in your form to capture the user's IP address. You'll need this to validate access.
3. Configure the Tadabase REST API:
- Generate a new API key in your app settings to use with the REST API pipe.
- In the REST API pipe, create a "Filter by a Single Field" request that looks up the captured IP address and returns whether it is marked active or inactive.
4. Install Tadabase Plugins:
- Install the "Capture IP Address" plugin on your page, which will help you capture and log user IP addresses.
5. Create Validation Rules:
- Disable the IP address field in your form to prevent editing.
- Add validation rules to check if the captured IP is whitelisted or blacklisted. Customize messages accordingly.
By following these instructions, you can not only secure your app with IP security but also control access to specific parts of your application based on user IP addresses.
That's it for today's episode of "Build It With Tim." We hope you've learned how to enhance your app's security using IP security and the flexibility of Tadabase plugins and features. Thanks for watching, and stay tuned for more exciting Tadabase tutorials. Take care!
Features Discussed:
- App Security Settings (Time: 0:30)
  Learn how to implement IP security, allowing or blocking specific IPs, and customize messages for unauthorized access.
- Tadabase REST API (Time: 4:00)
  Learn how to generate API keys and filter records, like IP addresses, using the REST API in your app.
- Plugin (Time: 6:45)
  Learn how to use a Tadabase plugin to capture users' IP addresses in form submissions and store this information securely. For example, learn to disable the IP field to prevent editing while still logging the IP data.
- Validation Rule with Tadabase REST API (Time: 7:57)
  Learn how to capture and store users' IP addresses in form submissions using a Tadabase plugin.
Transcript Summary
Introduction
Hey everybody, this is Build It with Tadabase. In addition to the numerous other security features that Tadabase has to offer, if you really want to lock down your application, I'm going to show you how you can enable and use IP security inside your app.
Enabling IP Security
IP security is located in your app settings under App Security Settings. All you need to do is enable IP security, and then you can choose whether you want to allow a list of IPs or block a list of IPs. If you choose to block any IP addresses, you can enable a custom message that will be shown when a particular user tries to access your application.
For example, if I enter my IP address and then go over to our published application and try to refresh the page, you're going to see that I'm locked out. One of the cool things about IP security is the custom message. We can use the IP address currently being captured by the system as a variable in the message. We can switch the message to say "IP [IP_ADDRESS] is not authorized to view this page." When I refresh, you'll see it will actually display that IP address in our custom message.
Using CIDR Blocks for IP Security
Another cool feature in IP security is the ability to block or allow IPs using CIDR blocks. CIDR notation is a way to group multiple IP addresses together, so you can block or allow them all at once. You’ll need to use specific CIDR notation, which you can generate using online calculators.
For example, if we wanted to block everywhere from 169.15.218.0 to 169.15.218.100, we could use the CIDR notation /24. This will block anything within that range. When I refresh the published application, I'm not authorized. If I switch to only allowing these IPs, I can now view the app.
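An added example, not from the video or from Tadabase: Python's standard `ipaddress` module shows how many addresses a CIDR block covers beyond an intended range, and which blocks match the range exactly. The function names are assumptions; the addresses are the ones mentioned above.

```python
import ipaddress


def cidrs_for_range(first, last):
    """Smallest list of CIDR blocks that covers first..last exactly."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(b) for b in blocks]


def overreach(cidr, first, last):
    """Count addresses in `cidr` that lie outside the intended first..last range."""
    net = ipaddress.ip_network(cidr, strict=False)
    lo = int(ipaddress.ip_address(first))
    hi = int(ipaddress.ip_address(last))
    # Size of the overlap between the block and the intended range.
    overlap = min(hi, int(net.broadcast_address)) - max(lo, int(net.network_address)) + 1
    return net.num_addresses - max(0, overlap)


if __name__ == "__main__":
    first, last = "169.15.218.0", "169.15.218.100"
    net = ipaddress.ip_network("169.15.218.0/24")
    # A /24 spans .0 through .255, i.e. 256 addresses.
    print(net.network_address, "-", net.broadcast_address, net.num_addresses)
    # Addresses the /24 matches that are not in .0-.100.
    print("extra addresses:", overreach("169.15.218.0/24", first, last))
    # Blocks that cover .0-.100 and nothing else.
    print(cidrs_for_range(first, last))
```

Run this kind of check before saving a block or allow list so the entry covers only the addresses you intend.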
Advanced Security with Tadabase Plugins and REST API
This wouldn't be a Build It with Tadabase video if we didn't take it further. We can do more with IP addresses and locking down parts of an application using Tadabase plugins, validation rules, and the Tadabase REST API.
For this demo, we’ll pretend that we want to lock down a form by IP address. Users can view the page, but if they want to fill out the form, their IP must be whitelisted. We’ll add a text field to the form to capture the IP address, and then use that to look up another table to validate whether the IP is active (whitelisted) or inactive (blacklisted).
Setting Up the Data Table
First, go back to the Data Builder and create a new table called "IP Addresses" to store IP addresses. For example, I’ve stored my own IP and marked it with a radio field as inactive. Then, go to the data table where the form submits and add a text field called "IP Address" to capture the user’s IP.
Next, we’ll use the Tadabase REST API pipe inside the form component. Before we install the pipe, go to your app settings, click API Keys, and generate a new API key for use with the REST API pipe. Then, go to the pipe section of the application, click on the REST API pipe, and click Install. Select the API key you just generated.
To finish configuring the REST API pipe, go to the API Calls menu, and choose "Filter by a Single Field." This will allow us to look in the IP Address table, filter records by the captured IP address, and check whether it’s currently active or inactive.
Testing and Mapping Responses
To test this and map out the responses we need, go back to your Data Builder, grab an IP address, and use it as a search value in the REST API pipe. Go to the Test tab, enter the value, and perform the search. You should find one record, showing the IP address and whether it’s whitelisted or blacklisted.
To map out the responses, choose "Populate Response," expand the items array, and keep only the relevant field (e.g., field40 for IP status). Disable all other fields, and save your settings.
Final Configurations
Now that we’re done with the complicated stuff, let’s finish the build with some easier configurations. Inside the Page Builder, on the page that stores our form component, install the "Capture IP Address" plugin. Select the form component and the text field where the IP address will be saved. Click Install.
Switch over to your published application and refresh the page. You’ll see that we are now capturing the IP address as the page loads. Next, disable the IP Address field in the form so that it’s logged but not editable by users.
Finally, add a validation rule to check whether the captured IP address is whitelisted. If the IP status is inactive, display a message saying, "Sorry, you are not authorized to submit this form."
Testing the Validation Rule
Now, when I try to submit the form, my IP is not whitelisted, so I see the message, "Sorry, you are not authorized to submit this form." If I go back into the Data Builder and switch the IP status from blacklisted to whitelisted, I can successfully submit the form.
Conclusion
That’s it for today's episode of Build It with Tadabase. I hope you learned some cool things about IP security and the true power of Tadabase plugins and the flexibility they offer to control every aspect of security in your application. Thanks so much for watching, and we’ll see you next time. Take care!