
Enabling IP Whitelisting in MongoDB 3.6: A Step‑by‑Step Guide

MongoDB 3.6 introduces authentication restrictions that let you enforce IP whitelists for both client and server connections, and this guide walks through creating a user, configuring bind_ip, restarting the server, and verifying the setup with concrete commands and screenshots.

dbaplus Community

Authentication Restrictions in MongoDB 3.6

MongoDB 3.6 introduces authenticationRestrictions, allowing IP‑based whitelisting for both client connections (clientSource) and the host address specified by the client (serverAddress). This provides functionality similar to native IP filtering in MySQL, Oracle, and SQL Server.

How the fields work

clientSource limits the IP addresses from which a user may connect. serverAddress limits the host value that the client supplies in the connection string (e.g., mongo --host=192.168.56.101). Both accept CIDR notation (e.g., 192.168.56.0/24) or wildcard patterns such as 192.168.56.*. When using drivers, the same restriction applies to the host parameter.

Implementation steps

Create a user (e.g., miracle) with the required roles using db.createUser() and include an authenticationRestrictions array that defines clientSource and/or serverAddress entries.

Enable authentication in the MongoDB configuration and restart the server.

Because MongoDB 3.6 binds to localhost by default, start the server with --bind_ip_all (or specify an explicit IP range) to allow remote connections.

Connect to the server using a host that matches the serverAddress whitelist, for example:

mongo --host=192.168.56.101 -u miracle -p YOUR_PASSWORD --authenticationDatabase=miracle

Verify that the connection succeeds only when both the client IP and the host address satisfy the defined restrictions.
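
The user definition from the first step and the rule checked in the last step, as an added example that is not from the original article. The readWrite role, the helper names and the IPv4-only matching are assumptions, as is treating several restriction documents in the array as alternatives.

```javascript
// Added example (not from the article). Runs in Node.js; userDoc can be passed
// to db.createUser() in the mongo shell after `use miracle`.
const userDoc = {
  user: "miracle",
  pwd: "YOUR_PASSWORD",                            // placeholder from the article
  roles: [{ role: "readWrite", db: "miracle" }],   // assumed role, for illustration
  authenticationRestrictions: [{
    clientSource: ["192.168.56.0/24"],             // addresses the client may come from
    serverAddress: ["192.168.56.101"]              // server address the client must target
  }]
};

// Dotted-quad IPv4 -> unsigned 32-bit number, or null if malformed.
function ipToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True if ip equals entry (single address) or lies inside it (CIDR block).
function inRange(ip, entry) {
  const [base, bits = "32", extra] = String(entry).split("/");
  if (extra !== undefined || !/^\d{1,2}$/.test(bits)) return false;
  const addr = ipToInt(ip), net = ipToInt(base), len = Number(bits);
  if (addr === null || net === null || len > 32) return false;
  const size = Math.pow(2, 32 - len);              // addresses per block
  return Math.floor(addr / size) === Math.floor(net / size);
}

// Hypothetical dry-run helper: would this client/server address pair pass?
// Assumption: fields inside one restriction document must all match, and
// several documents in the array are alternatives.
function isAllowed(restrictions, clientIp, serverIp) {
  if (!restrictions || restrictions.length === 0) return true;
  return restrictions.some(r =>
    (!r.clientSource || r.clientSource.some(e => inRange(clientIp, e))) &&
    (!r.serverAddress || r.serverAddress.some(e => inRange(serverIp, e))));
}
```

With this document, isAllowed(userDoc.authenticationRestrictions, "127.0.0.1", "127.0.0.1") is false, so a shell on the server host itself must still connect to 192.168.56.101 rather than localhost.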

Key considerations

The bind_ip setting must permit the client IP range; otherwise the server will reject the connection before authentication restrictions are evaluated.

Restrictions are evaluated after the user is authenticated; if the client IP is not in the clientSource list, authentication fails.

Both CIDR blocks and simple wildcard patterns are supported, but CIDR is the recommended format for precise control.

Reference

Official documentation: https://docs.mongodb.com/master/reference/method/db.createUser/#authentication-restrictions

Written by

dbaplus Community
