Neither Netlify nor Railway gives you dedicated static IPs out of the box. If your MongoDB Atlas cluster, private npm registry, or Google Cloud Function demands IP whitelisting, that's a problem worth understanding before you architect around it.
Netlify: No Static IPs
Netlify Functions run on AWS Lambda. Amazon doesn't publish IP ranges for individual Lambda containers, and they change constantly. Your function could execute on any of hundreds of IPs depending on load, region, and time of day.
The Netlify community has been requesting static IPs for years. It hasn't happened and likely won't. The platform isn't designed for it.
The practical workaround: an HTTP proxy with a static IP sitting between your function and the resource that demands whitelisting. Your function makes an HTTP request through the proxy. The destination sees the proxy's static IP.
Railway: Shared Static IPs
Railway is a step closer. On the Pro plan, you can enable static outbound IPs. Your app gets an IP address that stays the same.
The catch: it's shared with other Railway customers. You don't control it. You don't own it. When your database says "allow only this IP," you're trusting that no other customer on the same IP is causing problems.
For some use cases, shared IPs are fine. For others, especially where IP isolation matters to your security model, they're not enough.
QuotaGuard: Dedicated Static IPs
QuotaGuard provides two dedicated static IPs per subscription. They're yours. No one else uses them. When you whitelist them in your database or API, you're whitelisting your infrastructure alone. Both IPs are load-balanced with automatic failover.
Both Netlify and Railway integrate cleanly.
For API and webhook calls: Configure your HTTP client to route traffic through QuotaGuard's proxy. Every request leaves from the same IP address.
For Netlify Functions: Your function makes an HTTP request to your API or database REST endpoint (MongoDB Atlas Data API, Supabase PostgREST, etc.). Add the QuotaGuard proxy configuration. Done.
For Railway: Same approach. Environment variable, proxy configuration, and outbound traffic routes through a dedicated IP.
The Database Connection Gotcha
This is where most people stumble.
QuotaGuard's HTTP proxy works for REST APIs and webhooks. But if you need a direct TCP connection to PostgreSQL, MySQL, or a native MongoDB driver connection, the HTTP proxy won't work.
Netlify Functions have a hard constraint here. They can't maintain persistent TCP connections. Each invocation is ephemeral. Traditional database drivers don't work well.
The solution: use database REST APIs instead.
MongoDB Atlas provides the Data API. You query via HTTP instead of the MongoDB driver. Supabase exposes PostgREST. PlanetScale has an HTTP API. All of these work through QuotaGuard's HTTP proxy.
If your database doesn't have a REST API, the options are:
- Add a middleman. Deploy a small Node or Python service somewhere that can maintain a persistent connection. Your Netlify Functions talk to that service via HTTP through the proxy.
- Reconsider the architecture. Netlify Functions may not be the right fit for direct database connections.
On Railway
Railway gives you more flexibility. You can use persistent connections. The shared static IP on Pro plans handles most cases.
If you need dedicated IPs, QuotaGuard works the same way. Configure it via environment variable. The dedicated IP is yours alone.
Common Questions
Can I use Netlify's IP list directly?No. Netlify doesn't publish one. If someone has a list, it's a guess or it's outdated.
Does QuotaGuard work for inbound traffic?Not directly. It's for outbound connections from your functions. Inbound traffic (webhooks from GitHub, payment providers, etc.) is handled separately.
Is Railway's shared IP enough for me?If IP isolation doesn't matter to your security model, probably. If it does, go dedicated.
What if my database doesn't have a REST API?You need the middleman approach. Deploy a small service that maintains the persistent connection. Your functions talk to it via HTTP.
Next Steps
If you're running production Netlify or Railway and you need IP whitelisting:
- Check if your service has a REST or HTTP API. If it does, use QuotaGuard with that API.
- If it doesn't, deploy a small proxy service and whitelist that.
- If you're on Railway and don't need IP isolation, the shared Pro IP might work.
Sign up for QuotaGuard to get started. Setup takes a few minutes on either platform.
QuotaGuard Static IP Blog
Practical notes on routing cloud and AI traffic through Static IPs.
.webp)
.webp)
