[GH-ISSUE #742] ACL by IP address #542

Open
opened 2026-05-07 00:25:16 +02:00 by BreizhHardware · 3 comments

Originally created by @xylle on GitHub (May 23, 2023).
Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/742

💡 Idea
I would like to make ACLs by IP address or network address.

💻 Target components
ntfy server


@binwiederhier commented on GitHub (May 23, 2023):

I don't hate the idea, which is the best compliment you'll get from me.

Do you have thoughts on what the CLI and web app would look like?


@xylle commented on GitHub (May 24, 2023):

I didn't really think about the problem.
I imagine making a bypass of the authentication according to the IP address or the network of the client.
Don't change anything for the rest.

Thank you for the compliment, I am a fan of this style of compliment.


@waltmck commented on GitHub (Apr 26, 2025):

I am also interested in this feature---my specific use-case is that I want all of the devices on my VPN subnet to be able to push/listen from NTFY without worrying about distributing a shared key. I need to expose NTFY publicly in order to use UnifiedPush, but there is no way I could find to set more restrictive permissions for out-of-network IPs than for in-network IPs.

The easiest way to add my desired functionality is probably a `listen-http-trusted` config field that functions like `listen-http` except it does not check passwords. In my case, I would set `listen-https` to my server's public network IP and `listen-http-trusted` to my server's VPN IP.
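
An added example, not part of the original thread and not ntfy's code: a Go sketch of the per-request decision the comments above describe, skipping the credential check only for clients in a trusted network. The subnets, the proxy address and the function names are assumptions; the sketch also handles the reverse-proxy case, where the client address arrives in a header that any client can set.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
	"strings"
)

// Constructed sample values, not taken from the issue or from ntfy.
var trustedNets = prefixes("10.8.0.0/24", "fd00:8::/64") // hypothetical VPN subnets
var trustedProxies = prefixes("127.0.0.1/32")            // hypothetical local reverse proxy

func prefixes(cidrs ...string) (out []netip.Prefix) {
	for _, c := range cidrs {
		out = append(out, netip.MustParsePrefix(c))
	}
	return out
}

func inAny(ip netip.Addr, nets []netip.Prefix) bool {
	ip = ip.Unmap() // ::ffff:10.8.0.5 must match the IPv4 prefix
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// BypassAuth reports whether a request may skip the credential check.
// X-Forwarded-For counts only when the TCP peer is a trusted proxy (rightmost entry).
func BypassAuth(r *http.Request) bool {
	ap, err := netip.ParseAddrPort(r.RemoteAddr)
	if err != nil {
		return false // fail closed on anything unparseable
	}
	ip := ap.Addr()
	if xff := r.Header.Get("X-Forwarded-For"); xff != "" && inAny(ip, trustedProxies) {
		hops := strings.Split(xff, ",")
		if ip, err = netip.ParseAddr(strings.TrimSpace(hops[len(hops)-1])); err != nil {
			return false
		}
	}
	return inAny(ip, trustedNets)
}

func main() {
	h := http.Header{"X-Forwarded-For": {"10.8.0.5"}} // header set by an untrusted peer
	fmt.Println(BypassAuth(&http.Request{RemoteAddr: "203.0.113.9:40000", Header: h}))
}
```

The rightmost-entry rule assumes exactly one trusted proxy in front of the server; with a longer proxy chain the number of hops to skip has to match the deployment.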
