We just completed a project for a client located in the US. They are a big organization and have very strict measures in place about what can be accessed within their network. They have blocked access to websites/services outside of the US. Right now their marketing department cannot access the admin section of Dato to update the site we developed. The IT department is asking where the domain/services are currently located and hosted. If it is possible to host the domain on a US server?
I also just realized that Dato has an option to use a custom domain to access the admin. If we do that, do you think that it would solve the issue?
hey @jgiraldo you can try with the custom domain if you want, it’s included in every project. If they block based on the domain you should be good to go!
Otherwise our servers are all based in the EU: https://www.datocms.com/legal/security
We can easily set up a new frontend in the US, but the API calls are always going to hit the EU server.
We can think about a private installation only for you, but we need to discuss about enterprise agreements. If you think that’s the way to go please use this form: https://www.datocms.com/contact
Thank you!
WVU Medicine is utilizing a geo-blocking security model to help reduce the risk of ransomware. Because of this security model, content editors can’t reach the DatoCMS platform within their network because they are routed outside of the US. Is there a way on the DatoCMS side to funnel requests coming from WVU Medicine to US data centers only? If so, we can provide the IP addresses that we would need funneled. Another alternative could be if you have a range of IP addresses for your servers so WVU Medicine can whitelist those IPs. Please let me know if any of these options are possible.
best,
Hey @jgiraldo we cannot route everything in the US as we don’t have a datacenter there.
But if the problem is only with our interface, you should be able to find the IP address of the machine and add that to an allow list. It should not change much/ever, so you should be good to go for a while!
@mat_jack1 I did a LookupDNS for the cms interface (wvumedicine-cancer.admin.datocms.com) and I got the list of IPs for that server. Should we whitelist all the A records IP addresses? (see below)
wvumedicine-cancer.admin.datocms.com. 300 IN CNAME d2apk155x9xmgm.cloudfront.net.
d2apk155x9xmgm.cloudfront.net. 60 IN A 13.227.211.44
d2apk155x9xmgm.cloudfront.net. 60 IN A 13.227.211.30
d2apk155x9xmgm.cloudfront.net. 60 IN A 13.227.211.124
d2apk155x9xmgm.cloudfront.net. 60 IN A 13.227.211.79
oh right @jgiraldo I forgot we put Cloudflare in front of that as well.
In that case you might want to add the class of IPs from Cloudflare, those might change, I have no control on that, sorry
@mat_jack1 Thank you for the info. I did a LookupDNs again today and the IPs for the A records are now different so I guess it means they change frequently. I believe whitelisting the server(s) by domain name would be the only solution at this point?
yes, sorry, I cannot see any real alternative