Mattermost, Inc.

Limiting access to channels/teams outside of company firewall

Hello,

Is there a way we can limit access to channels/teams outside company firewall.
For example, we want guests to access on-prem mattermost channels but want to prevent on-prem from accessing certain mattermost channels from outside the office.

Thanks!

  • Victoria

Hello, @vlee

With the usage of proxy, I believe that you should be able to (theoretically) block certain websites from being accessed from specific network. In this case, you want to blocking users from external IP address from accessing specific channels on Mattermost.

For example, using NGINX’s allow / deny - Website access restriction using nginx

  location /<team_name>/channels/<channel_name> {
        allow <ip_address>;
        deny all;
    }

Is there any specific use case that you have on your end as to why the prevention of access needs to be applied?

@vlee Just got the confirmation that this approach won’t work. It would block loading a permalink to the app at such an address but not the app browsing from one channel to another, nor the various APIs that can be used programmatically based on @jesse’s feedback. At this point, I wonder if there is any other way to achieve this.