Allowlist
The Allowlist backend makes a list of active IP address grants available via the Knocknoc server API. This allows integration with appliances or clients that can be configured to poll a URL without the need for a Knocknoc agent to be deployed.
Common Use Cases
- Fortinet External Connectors
- F5 BigIP devices (IP intelligence)
- Custom web applications
Usage
- Log into your Knocknoc admin UI at
/admin
- Click on API keys and add a key with scope
allowlists.read
- Click on backends and add a backend of type "Allowlist"
- Click on ACLs and add an ACL and select your new allowlist backend
- Copy the provided URL. This is where your allowlist grants will be published. The URL is in format
https://example.knoc.cloud/api/v1/allowlists/<aclId>/<token>.<format>
- When fetching the URL, use http basic authentication with:
- username:
apikey
(or any string value) - password: the API key secret
- username:
The Allowlist backend is available in Knocknoc v6.0.0.
Pros
- Any device that can poll for a list of IP addresses can integrate with Knocknoc, a good solution for unidirectional network environments or assets deep in an organisation.
- Does not require a Knocknoc agent to be installed.
- Provides an additional option for custom integrations.
Cons
- Knocknoc cannot know if/when grants are applied on the target system, therefore less feedback is provided to users.
- Polling is typically time-based not event based, this may see a user waiting for access after logging in - depending on the poll interval supported by the infrastructure or appliance.
- Since Knocknoc only publishes the active allowlist, the client must implement revocation/deny.