Static Inbound & Outbound IPs for Pantheon Sites

Q: Can I use QuotaGuard to connect my Pantheon site to an external Microsoft SQL Server?

Yes, you can use QuotaGuard's SOCKS5 proxy to connect your Pantheon site to an external Microsoft SQL Server or any other TCP-based service.

Q: Does modifying wp-config.php route all my WordPress traffic through the proxy?

No, configuring WP_PROXY_HOST only routes HTTP API calls made via the WordPress HTTP API. You can use WP_PROXY_BYPASS_HOSTS to exclude certain domains (like wordpress.org for updates) from the proxy.

Q: How do I handle different credentials for Dev, Test, and Live environments?

You can use environment-specific configuration in secrets.json, settings.php, or wp-config.php by checking the $_ENV['PANTHEON_ENVIRONMENT'] variable to dynamically load the correct QuotaGuard credentials.

Q: Does this work with Drupal's SOAP Client?

Yes, QuotaGuard works seamlessly with Drupal's native SoapClient. You simply need to pass the proxy_host and proxy_port parameters in your client configuration.

The missing network layer for WebOps.

Connect WordPress and Drupal securely to legacy databases, banking gateways, and internal APIs.

Enterprise Connectivity for WebOps

Pantheon’s container grid is brilliant for scaling, but its rotating IP pool makes it impossible to connect to strict corporate firewalls.

QuotaGuard provides a verifiable, static "Passport" for your CMS, allowing your agency to deliver enterprise-grade integrations without leaving the Pantheon workflow.

‍Note: Designed for backend connectivity (SQL, SOAP, APIs). This solution is not intended for web scraping consumer sites (e.g., social media or ticketing platforms) that block cloud infrastructure.

Digital illustration of a glowing shield with an IP address protecting data servers connected to cloud storage icons.

Native Outbound Configuration

You don't need to install complex server-side software. QuotaGuard integrates natively with the configuration files you already use.

Whether you are running a headless Drupal setup or a high-traffic WordPress WooCommerce store, the setup is standard and stable.

WordPress Config

Simply define the WP_PROXY_HOST and WP_PROXY_PORT constants in your wp-config.php file.

This automatically routes all HTTP requests from core WordPress and compliant plugins through your static IP.

Drupal Settings

Configure the proxy settings directly in settings.php using the standard $settings['http_client_config'] array.

This ensures that all Guzzle HTTP requests made by your Drupal modules exit securely through QuotaGuard.

Secure Tunneling (SOCKS5)

For non-HTTP traffic (like direct database connections or SFTP), use our SOCKS5 tunnel.

This allows you to securely reach services that don't speak standard HTTP, expanding what your Pantheon site can actually talk to succesfully.

Built for WebOps & Agencies

We understand the agency workflow. You have Dev, Test, and Live environments.

QuotaGuard works across your entire Pantheon workflow, allowing you to test connectivity in a sandbox before deploying the static IP configuration to production.

Digital map with two data centers labeled us-central-1 and europe-west-1 connected to a central shield icon with a padlock, symbolizing secure cloud networking.

FAQs

Specifics on configuring wp-config.php, settings.php, and handling environment variables for your Pantheon Static IP.

Can I use QuotaGuard to connect my Pantheon site to an external Microsoft SQL Server?

Yes.

Since Pantheon does not allow you to install system-level drivers or open arbitrary ports, you cannot connect directly.

However, by using QuotaGuard’s SOCKS5 proxy, you can tunnel the traffic from your PHP code to the remote SQL Server.

This allows you to securely query the database without exposing the SQL server to the open web.

Does modifying wp-config.php route all my WordPress traffic through the proxy?

By default, setting WP_PROXY_HOST routes all HTTP requests made by the WordPress core HTTP API through the proxy.

However, you can use the WP_PROXY_BYPASS_HOSTS constant to exclude specific domains (like wordpress.org for updates or your own analytics).

This ensures you only use QuotaGuard bandwidth for the API calls that actually require a static IP.

How do I handle different credentials for Dev, Test, and Live environments?

Pantheon manages environment variables gracefully.

We recommend setting your QuotaGuard connection string as a private variable in a secrets.json file or using Pantheon’s "Secrets" management (if available on your plan).

Your settings.php or wp-config.php can then logicially check $_ENV['PANTHEON_ENVIRONMENT'] to load the correct proxy credentials for Dev, Test, or Live.

My client requires a Static IP for a SOAP/XML bank integration. Does this work with Drupal's SOAP Client?

Yes.

The standard PHP SoapClient has a proxy_host and proxy_port option in its constructor.

You can simply pass your QuotaGuard credentials into these fields when initializing the client.

This is a very common use case for Pantheon sites integrating with legacy payment processors or insurance APIs.

Does this work with Pantheon's "Upstreams"?

Yes.

You can commit your proxy configuration code to your upstream, and it will deploy across all sites, while keeping the actual credentials secure in environment variables or secrets files.

Can I use QuotaGuard in my Quicksilver hooks (deploy scripts)?

Yes. Quicksilver scripts run in the same container environment as your site.

If you need your deployment script to notify a secure JIRA instance, trigger a Jenkins build, or push a notification to a firewalled Slack channel, you can simply include your QuotaGuard credentials in the script.

This ensures your "Ops" traffic is just as secure and identifiable as your application traffic.

Do I need a Pantheon "Enterprise" plan to use QuotaGuard?

No.

Pantheon’s native "Secure Integration" (formerly PEG) is often restricted to Enterprise or Elite plans. QuotaGuard works on all Pantheon plan tiers, including Basic and Pro.

This allows agencies to build enterprise-grade connectivity for clients who aren't ready to commit to an annual enterprise contract with Pantheon directly.

Still have questions?

We don’t outsource Support to non-Engineers.

Reach out directly to the Engineers who built Shield to discuss your specific architecture, integration challenges, or compliance constraints here 👇

Contact

🚀 Ready to Get Started? Choose Your QuotaGuard Path

QuotaGuard STATIC

Why: You need a rock-solid, fixed IP for general API access, AI workflows, or standard third-party integrations.

Best For: Developers, startups, and general application connectivity.

Key Feature: SOCKS5 support for secure database access.

QuotaGuard SHIELD

Why: You handle HIPAA, PCI, or sensitive PII data and require End-to-End Encryption (E2EE) for full compliance.

Best For: Regulated industries, financial services, and healthcare.

Key Feature: SSL Passthrough and key isolation.

Trusted by Engineering Teams Everywhere

Reliability Engineered for the Modern Cloud

For over a decade, QuotaGuard has provided reliable, high-performance static IP and proxy solutions for cloud environments like Heroku, Kubernetes, and AWS.

Get the fixed identity and security your application needs today.

Start Free Trial Talk to an Engineer