# Firewalls and ACLs

A key security mechanism in Couchdrop is ACLs. ACLs limit access to particular IP addresses or netwrok ranges.

There are three levels of ACL controls in Couchdrop:

* User based
* Group based
* Tenant based

ACLs are additive, in that if the user authenticating originates from an IP address in a range at all three levels, then we will allow the request. 

Configuring an IP address or network range is simple:

<figure><img src="/files/SbiXu5dTNIkywwo0bK4j" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.couchdrop.io/administration/users-and-groups/firewalls-and-acls.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.