IP Filtering in Canvas

This document discusses the three different ways in which an admin can filter IP addresses in Canvas. 


Filtering IP addresses allows you to designate which IP addresses can be used when a user takes a quiz. Canvas allows you to filter IP addresses in three ways: typing each address separated by commas, using CIDR blocks (i.e., 177.0.255.34/20), or using subnet masks (i.e., 177.0.255.34/255.255.240.0). This guide will detail how to use CIDR blocks and subnet masks.


IP Address Basics

The most common form of IP address is IPv4, which is displayed as four numbers, ranging from 0 to 255, separated by decimal points. An example IPv4 address might look like this: 177.0.255.35.


Each number in an IP address represents 8 bits, or one byte, of information. These bits are displayed in binary, meaning they will either be a 0 or 1. Our second number in the example IP address in the previous paragraph (0) would be displayed as 00000000 in binary. The third number (255) would be displayed as 11111111. (This is why the range is set from 0 to 255; there are 256 total combinations for an eight-digit binary number. 2x2x2x2x2x2x2x2 = 256)


When creating a range, IP addresses are organized sequentially. Thus, the IP address that would follow 177.0.255.35 would be 177.0.255.36. Once a digit has reached 255, the next IP address in sequential order will depend on the previous number. For example, the next address after 177.16.134.255 would be 177.16.135.0.


CIDR Blocks

Filtering an IP address using a CIDR block (a backslash followed by a number) requires thinking of an address in binary. An IP address in four 8-bit sections results in a total of 32 bits. The number that follows the backslash represents the amount of bits that are blocked when defining the range. A CIDR block of /0 would allow access to any IP address between 0.0.0.0 and 255.255.255.255, while a CIDR block of /32 would only allow access to the IP address that precedes it.


Adding /8 after an IP address will block all IP addresses that do not match the first 8 bits, or first number, in the address included. This means typing 19.34.212.155/8 would create a range that includes all IP addresses between 19.0.0.0 and 19.255.255.255. 


Similarly, a CIDR block of /16 will block all IP addresses that do not match the first 16 bits, or first and second numbers, in the address included.  A CIDR block of /24 will block all IP addresses that do not match the first 24 bits, or first, second, and third numbers, in the address included.


Subnet Masking

Subnet masks serve the same purpose as CIDR blocks, they are just formatted differently. Instead of an IP address followed by a one- or two-digit number, it is an IP address followed by four more numbers each separated by a decimal point (similar to a second IP address). An example of an IP address filtered by a subnet mask would be 24.124.45.0/255.240.0.0.

Each number in the subnet mask represents the amount of bits that are not allowed to be used from the corresponding position in the IP address. So placing 255 in the first place of your subnet mask means that only one byte makes it through the filter and all IP addresses must match what is the first place of the IP addresses you included (24 in the example above). Using a 0 means that any number will be allowed in that space.


Calculation

To calculate a CIDR block or subnet mask, use one of the resources below:

  • IP Range Calculator: Calculates CIDR blocks and subnet masks based on IP range (not a Canvas site)
  • IP Subnet Calculator: Lists all possible CIDR blocks and subnet masks for an IP address (not a Canvas site)

There are many other IP calculators available online.


IP Filtering Table

The following table details how both CIDR blocks and subnet masks operate with IP filtering. The example start and end range below use the sample IP address prefix of 1.1.1.1.


CIDR Block

Subnet Mask

Bits Blocked

Start Range

End Range

/0

0.0.0.0

0

0.0.0.0

255.255.255.255

/1

128.0.0.0

1

0.0.0.0

127.255.255.255

/2

192.0.0.0

2

0.0.0.0

63.255.255.255

/3

224.0.0.0

3

0.0.0.0

31.255.255.255

/4

240.0.0.0

4

0.0.0.0

15.255.255.255

/5

248.0.0.0

5

0.0.0.0

7.255.255.255

/6

252.0.0.0

6

0.0.0.0

3.255.255.255

/7

254.0.0.0

7

0.0.0.0

1.255.255.255

/8

255.0.0.0

8

1.0.0.0

1.255.255.255

/9

255.128.0.0

9

1.0.0.0

1.127.255.255

/10

255.192.0.0

10

1.0.0.0

1.63.255.255

/11

255.224.0.0

11

1.0.0.0

1.31.255.255

/12

255.240.0.0

12

1.0.0.0

1.15.255.255

/13

255.248.0.0

13

1.0.0.0

1.7.255.255

/14

255.252.0.0

14

1.0.0.0

1.3.255.255

/15

255.254.0.0

15

1.0.0.0

1.1.255.255

/16

255.255.0.0

16

1.1.0.0

1.1.255.255

/17

255.255.128.0

17

1.1.0.0

1.1.127.255

/18

255.255.192.0

18

1.1.0.0

1.1.63.255

/19

255.255.224.0

19

1.1.0.0

1.1.31.255

/20

255.255.240.0

20

1.1.0.0

1.1.15.255

/21

255.255.248.0

21

1.1.0.0

1.1.7.255

/22

255.255.252.0

22

1.1.0.0

1.1.3.255

/23

255.255.254.0

23

1.1.0.0

1.1.1.255

/24

255.255.255.0

24

1.1.1.0

1.1.1.255

/25

255.255.255.128

25

1.1.1.0

1.1.1.127

/26

255.255.255.192

26

1.1.1.0

1.1.1.63

/27

255.255.255.224

27

1.1.1.0

1.1.1.31

/28

255.255.255.240

28

1.1.1.0

1.1.1.15

/29

255.255.255.248

29

1.1.1.0

1.1.1.7

/30

255.255.255.252

30

1.1.1.0

1.1.1.3

/31

255.255.255.254

31

1.1.1.0

1.1.1.1

/32

255.255.255.255

32

1.1.1.1

1.1.1.1



 Last update: 2019-02-15

This resource can also be accessed from the following Canvas Guides:

Labels (1)