Allowlist

Unlike most other types of Knocknoc backends, which require the Knocknoc agent to actively push grants into the target system, the Allowlist backend simply makes a list of active IP address grants available via the Knocknoc server API. This allows integration with appliances or clients that can be configured to poll a URL without the need for a Knocknoc agent.

Pros
  • Does not require a Knocknoc agent.
  • Provides an additional option for custom integrations.
Cons
  • Knocknoc cannot know if/when grants are applied on the target system, therefore less feedback is provided to users.
  • We rely on appliances/clients to poll for allowlist updates, so updates are potentially slower.
  • Since Knocknoc only publishes the active allowlist, the client must implement revocation/deny.
Common Use Cases
  • Fortinet External Connectors
  • Custom web applications
Usage
  1. Log into your Knocknoc admin UI at /admin
  2. Click on API keys and add a key with scope allowlists.read.
  3. Click on backends and add a backend of type "Allowlist".
  4. Click on ACLs, add an ACL and select your new allowlist backend.
  5. Copy the provided URL. This is where your allowlist grants will be published. The URL is in the format https://example.knoc.cloud/api/v1/allowlists/<aclId>/<token>.<format>
  6. When fetching the URL, use HTTP Basic authentication with:
    1. username: apikey (or any string value)
    2. password: the API key secret
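
Because only the active allowlist is published, a custom client has to work out revocations itself by comparing each poll with what it has already applied. The sketch below is an added example, not Knocknoc's own code: it assumes the chosen format returns plain text with one IP address or CIDR per line, and the URL path values, function names and sample addresses are placeholders constructed for illustration.

```python
import base64
import ipaddress
import urllib.request

# Placeholder URL in the documented format; ACL_ID, TOKEN and "txt" are hypothetical.
ALLOWLIST_URL = "https://example.knoc.cloud/api/v1/allowlists/ACL_ID/TOKEN.txt"


def fetch_allowlist(url, api_key_secret, timeout=10):
    """Fetch the published list with HTTP Basic auth (the username can be any string)."""
    cred = base64.b64encode(f"apikey:{api_key_secret}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {cred}"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def parse_allowlist(body):
    """Parse one IP or CIDR per line (assumed format). Raises ValueError on bad input."""
    grants = set()
    for line in body.splitlines():
        line = line.strip()
        if line:
            # Strict parsing: "203.0.113.7/24" is rejected instead of widened to a /24.
            grants.add(ipaddress.ip_network(line))
    return grants


def poll_once(applied, body):
    """Return (new_state, to_add, to_revoke) for one polling cycle.

    An empty list is valid and revokes every grant. A body that does not parse
    changes nothing, so a partial or corrupt response is never half-applied.
    """
    try:
        published = parse_allowlist(body)
    except ValueError:
        return applied, set(), set()
    return published, published - applied, applied - published


if __name__ == "__main__":
    # Constructed sample: one grant expired, one still active, one new.
    applied = {ipaddress.ip_network("198.51.100.4"), ipaddress.ip_network("203.0.113.7")}
    state, add, revoke = poll_once(applied, "203.0.113.7\n192.0.2.0/24\n")
    print("add:", sorted(map(str, add)), "revoke:", sorted(map(str, revoke)))
```

Call `fetch_allowlist(ALLOWLIST_URL, secret)` on a timer and pass the result to `poll_once`; the caller then applies `to_add` and `to_revoke` to its own firewall or application rules.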

The Allowlist backend is available in Knocknoc v6.0.0.