> ## Documentation Index
> Fetch the complete documentation index at: https://docs.spurtest.com/llms.txt
> Use this file to discover all available pages before exploring further.

# IP Whitelisting

> Allow Spur agent to access your application by whitelisting our IP addresses.

## Why Whitelist Spur's IPs?

Spur runs automated browser tests against your application from our cloud infrastructure. If your staging, development, or production environment is behind a firewall, VPN, or IP-restricted access layer, you need to allow traffic from Spur's IP addresses so that tests can reach your application.

<Warning>
  If Spur's IPs are not whitelisted, test runs will fail with connection or timeout errors because our test runners cannot reach your application.
</Warning>

## Spur IP Addresses

Contact the Spur team to get the current list of IP addresses you need to whitelist.

<Card icon="headset" title="Contact Us" href="/additional-resources/contact-us">
  Reach out to the Spur team to request the IP addresses for your allowlist.
</Card>

## How to Whitelist

The exact steps depend on where your application is hosted. Below are instructions for common providers.

<AccordionGroup>
  <Accordion title="AWS Security Groups">
    <Steps>
      <Step title="Open the EC2 Console">
        Go to the [EC2 Console](https://console.aws.amazon.com/ec2/) and select **Security Groups** from the left sidebar.
      </Step>

      <Step title="Select your security group">
        Find and click the security group attached to your application's instance or load balancer.
      </Step>

      <Step title="Edit inbound rules">
        Click **Edit inbound rules** and add a new rule:

        * **Type:** HTTPS (port 443) or HTTP (port 80), depending on your setup
        * **Source:** Custom, then enter each Spur IP address
        * **Description:** Spur test runners
      </Step>

      <Step title="Save">
        Click **Save rules**. Changes take effect immediately.
      </Step>
    </Steps>
  </Accordion>

  <Accordion title="Google Cloud Firewall Rules">
    <Steps>
      <Step title="Open VPC Network">
        Go to the [VPC Firewall Rules](https://console.cloud.google.com/networking/firewalls) page in the Google Cloud Console.
      </Step>

      <Step title="Create a firewall rule">
        Click **Create Firewall Rule** and configure:

        * **Name:** `allow-spur-test-runners`
        * **Direction:** Ingress
        * **Targets:** Select the target tags or service accounts for your application
        * **Source IP ranges:** Enter each Spur IP address
        * **Protocols and ports:** Allow TCP on port 443 (and 80 if needed)
      </Step>

      <Step title="Save">
        Click **Create**. The rule applies within a few seconds.
      </Step>
    </Steps>
  </Accordion>

  <Accordion title="Azure Network Security Groups">
    <Steps>
      <Step title="Open Network Security Groups">
        Go to **Network Security Groups** in the [Azure Portal](https://portal.azure.com/).
      </Step>

      <Step title="Select your NSG">
        Click the NSG associated with your application's subnet or network interface.
      </Step>

      <Step title="Add an inbound rule">
        Go to **Inbound security rules** and click **Add**:

        * **Source:** IP Addresses
        * **Source IP addresses:** Enter each Spur IP address (comma-separated)
        * **Destination port ranges:** 443 (and 80 if needed)
        * **Protocol:** TCP
        * **Action:** Allow
        * **Name:** `AllowSpurTestRunners`
      </Step>

      <Step title="Save">
        Click **Add**. The rule takes effect shortly.
      </Step>
    </Steps>
  </Accordion>

  <Accordion title="Vercel / Netlify / Cloudflare">
    Most modern hosting platforms like Vercel, Netlify, and Cloudflare do not block incoming traffic by default. If you have configured IP-based access restrictions (such as Cloudflare Access or Vercel's IP allowlisting), add Spur's IP addresses to your allowlist through that platform's dashboard.
  </Accordion>

  <Accordion title="Nginx or Apache">
    If you manage access control at the web server level, add Spur's IPs to your configuration.

    **Nginx** — add inside your `server` or `location` block:

    ```nginx theme={null}
    allow <SPUR_IP_1>;
    allow <SPUR_IP_2>;
    # Add all IPs provided by the Spur team
    ```

    **Apache** — add inside your `<Directory>` or `<Location>` block:

    ```apache theme={null}
    Require ip <SPUR_IP_1>
    Require ip <SPUR_IP_2>
    # Add all IPs provided by the Spur team
    ```

    Reload your web server after making changes.
  </Accordion>
</AccordionGroup>

## Verifying the Setup

After whitelisting, run a quick test from Spur to confirm connectivity:

<Steps>
  <Step title="Create or open a test">
    Navigate to any existing test or create a new one that targets the environment behind your firewall.
  </Step>

  <Step title="Run the test">
    Execute the test. If the first step (navigating to your URL) completes successfully, whitelisting is working.
  </Step>

  <Step title="Troubleshoot if needed">
    If the test fails with a timeout or connection error:

    * Confirm the correct IPs are whitelisted
    * Check that the allowed ports match your application (443, 80, or a custom port)
    * Verify there are no additional layers (VPN, WAF, CDN) that also require allowlisting
  </Step>
</Steps>

<Tip>
  If your infrastructure uses a Web Application Firewall (WAF) in addition to network-level rules, you may need to add Spur's IPs to both the WAF allowlist and your firewall rules.
</Tip>
