--- title: "Controlling Access" date: "2024-02-14T06:18:38+00:00" summary: "Secure your Drupal site with Shield's IP allowlisting feature. Learn how to restrict SSH access, manage IP addresses, and enhance your Cloud Platform security effortlessly." image: type: "page" url: "/acquia-cloud-platform/add-ons/shield/controlling-access" id: "ef383051-fd29-4844-95bf-6e464ada8f87" --- Allowlisting in Shield ---------------------- Important IP allowlist management is available only to [Shield](/acquia-cloud-platform/add-ons/shield) subscribers on Cloud Platform Enterprise, and is not available for Site Factory. Shield enables you to configure IP address allowlisting for occasions when you must restrict SSH access to the web servers in your subscription. Note * Cloud Platform requires specific Acquia-operated IPs and CIDR ranges to remain accessible to all servers. You cannot modify or control them by using Shield IP allowlisting. They do not count toward the IP allowlist limits. * Shield imposes a limit of 25 IP addresses or CIDR ranges. * Port 22 is closed at the load balancer layer of Cloud Platform. Shield restricts access to port 22 in the web server layer of Cloud Platform. * Acquia Cloud products such as [Code Studio](https://docs.acquia.com/acquia-cloud-platform/add-ons/code-studio) or [Cloud IDE](https://docs.acquia.com/acquia-cloud-platform/add-ons/ide) depend on SSH access to your Cloud Platform application. Therefore, you must allowlist these products manually. To get the list of IP addresses to allowlist them, contact [Acquia Support](/service-offerings/support "Support"). * For more information about security settings in Cloud Platform, such as [password strength](https://docs.acquia.com/acquia-cloud-platform/access/password-strength), [two-factor verification](https://docs.acquia.com/acquia-cloud-platform/access/two-step-verification), or [allowlisting access to the Cloud Platform interface](/acquia-cloud-platform/securing-your-application-ip-address-allowlisting "Securing your application with IP address allowlisting"), see [Managing security settings](https://docs.acquia.com/acquia-cloud-platform/access/security). Enabling allowlisting in Shield ------------------------------- To limit SSH access to your infrastructure for all applications in your subscription: 1. [Sign in to the Cloud Platform user interface](https://docs.acquia.com/node/55875) with the _Owner_ or _Administrator_ role, and then select the application you want to work with. 2. In the menu to the left, click **Security**.  ![shield_adding-rule.png](https://acquia.widen.net/content/545e933e-630a-4178-99f7-4ef340f6d148/web/7910d_shield_adding-rule.png?w=720&itok=3AE8_q4O) 3. Click **Shield**. 4. Click **Add Rule**.  ![shield_adding-rules.png](https://acquia.widen.net/content/8a1b8fa9-3b25-4f1d-a9d1-644818d4a7e7/web/60f55_shield_adding-rules.png?w=720&itok=LjIgYXwO) 5. In the **Rule Name** field, enter a name less than 90 characters in length. 6. In the **IP address(es) or range** section, select one of the following options: * **Enter manually**: Enter one or more addresses (such as `10.0.0.1`) in the text area. * **Import a CSV file**: Drag a text file containing one or more IP addresses (such as `10.0.0.1`) into the text area. Note You can separate several IP addresses by a space, comma, or line breaks. You can also use CIDR ranges, such as: `222.117.0.1/24`. 7. Click **Save**. The system refreshes the page and displays all IP addresses in the CIDR format.