Netlify Integration: Static Inbound & Outbound IPs

Netlify uses a globally distributed, ephemeral CDN architecture where outbound traffic originates from vast, rotating pools of dynamic AWS and Google Cloud IP addresses.

Because these nodes are added and removed automatically to optimize traffic, Netlify cannot provide a fixed CIDR block for whitelisting.

QuotaGuard solves this by adding a dedicated proxy layer that stays constant even as Netlify’s underlying infrastructure scales or migrates across different cloud nodes.

Yes, QuotaGuard is fully compatible with the Deno-based runtime environment used by Netlify Edge Functions.

Unlike standard serverless functions, Edge Functions act as middleware at the network edge, allowing you to intercept and route requests before they reach the browser.

By utilizing QuotaGuard's HTTP or SOCKS5 protocols within your Edge logic, you can securely access restricted enterprise APIs with the low-latency benefits of edge computing.

To whitelist Netlify, you must route your outbound connection through QuotaGuard and add only your two assigned QuotaGuard Static IPs to your database’s firewall rules.

Since Netlify’s build and function servers use transient IPs that change constantly, attempting to whitelist the hosting provider directly is unreliable and insecure.

QuotaGuard provides a "secure bridge," allowing your serverless code to connect to firewalled SQL or NoSQL databases without exposing your ports to the entire public internet.

The added latency is typically negligible (often under 10ms) if you match your QuotaGuard cluster to the AWS region hosting your Netlify Functions.

Netlify allows you to customize your function region in the site dashboard; by co-locating QuotaGuard in that same region, you ensure the shortest possible "network hop".

This is critical for staying within Netlify’s 10-second (synchronous) or 15-minute (background) function execution limits.

Yes, storing connection strings in Netlify’s Git-integrated environment variables is the industry-standard security practice.

Netlify encrypts these variables at rest and allows you to "scope" them specifically to the build or function runtime, ensuring they are never exposed to the client-side browser.

For added security, QuotaGuard Shield also supports secure proxy authentication tunnels, preventing credential leakage even during the initial connection handshake.

For healthcare teams, QuotaGuard Shield provides the mandatory End-to-End Encryption (E2EE) and Business Associate Agreement (BAA) required for transmitting Protected Health Information (PHI).

By utilizing SSL Passthrough, your sensitive data remains encrypted from the moment it leaves your Netlify Function until it reaches its final destination.

This "blind conduit" architecture ensures your compliance surface area is minimized because QuotaGuard never decrypts your traffic or possesses your private keys.

Yes, QuotaGuard Shield can act as a static inbound entry point (Reverse Proxy) for services that require a single IP to send webhooks or API calls.

While Netlify’s load balancer IPs are dynamic, you can point your third-party service to your QuotaGuard Static IP, which will then securely forward the traffic to your Netlify endpoint.

This eliminates the need for partners to whitelist a rotating pool of CDN nodes and ensures your incoming integrations never break due to provider IP changes.