How to Enable Firewall / IP Whitelisting in Compose MongoDB

Learn how to secure your Compose MongoDB database by enabling the IP whitelisting feature.

Stampery Inc.
Mongoaudit — the mongoaudit guides
2 min read · Jan 26, 2017


Compose by IBM is one of the most popular “MongoDB as a service” cloud providers.

IP whitelisting is available in Compose for deployments created with the default New MongoDB Deployment option, which will create a new MongoDB 3.2 server.

Sadly, this option is not available for deployments created before October 2015, nor for those provisioned through the Classic MongoDB Deployment option.

Enabling whitelisting on Compose MongoDB

By default, Compose MongoDB allows access from any IP address. That is bad practice: even though Compose enforces authentication, MongoDB leaks too much information to unauthenticated requests.

To properly protect your databases, it is necessary to whitelist only the public IP addresses of your application servers:

  1. Go to the Compose dashboard.
  2. Search in the deployments section for the specific deployment you wish to secure.
  3. Open the Security tab and you should immediately see the Whitelist TCP/HTTP IPs option.
  4. Press Add IP and then enter a description and the address you want to whitelist.
  5. Press Add IP again. After a few seconds, the new access policy should be in force.

Remember that you can whitelist as many IP addresses as you want.

Tip: If you usually run your app on your own computer for testing or development purposes, you may also want to whitelist your home or office IP.
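To confirm that the policy from step 5 is really in force, run a check against your own deployment from a whitelisted application server (expect "allowed") and from a machine that is not on the list (expect "denied"). The script below is an added example, not code from the original post or from Compose; the names `probe` and `verify` are hypothetical, and it assumes a filtered client sees either a failed connection or one that is closed immediately.

```python
import socket
import sys


def probe(host, port, timeout=5.0):
    """Return 'reachable' if the endpoint accepts and keeps our TCP
    connection, 'blocked' if it cannot be opened or is dropped at once."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            try:
                # MongoDB (or a TLS front end) waits for the client to speak
                # first, so silence here means the connection was admitted.
                data = conn.recv(1)
            except socket.timeout:
                return "reachable"
            # Empty read: the peer closed straight away (assumed filter behaviour).
            return "reachable" if data else "blocked"
    except OSError:
        # Refused, reset, unreachable, or the connect attempt timed out.
        return "blocked"


def verify(host, port, expect_allowed, timeout=5.0):
    """True when the observed state matches what the whitelist should
    do for the machine this script is running on."""
    return (probe(host, port, timeout) == "reachable") == expect_allowed


if __name__ == "__main__":
    if len(sys.argv) != 4 or sys.argv[3] not in ("allowed", "denied"):
        sys.exit("usage: check_whitelist.py <host> <port> allowed|denied")
    host, port, expected = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    ok = verify(host, port, expected == "allowed")
    print(f"{host}:{port} expected {expected}: {'OK' if ok else 'MISMATCH'}")
    sys.exit(0 if ok else 1)
```

A non-zero exit status means the observed state does not match the whitelist you configured, which makes the script easy to run from a deployment pipeline or a scheduled job.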
