I have a question about white-listing my external IP address:
Under “Settings>Network>List of IP addresses and networks that are allowed without auth” I’ve added my subnet 192.168.1.0/255.255.255.0 to it.
So far so good. 
I do not pay for a static IP address but my external IP from my ISP (cable) only changes about every 24 to 36 months or so.
If I add my current IP address 94.1xx.yyy.zzz to this list would I gain any advantage in the case of a Plex service outage or is this an unnecessarily security risk?
I’m not using a VPN (I directly use the Plex app or app.plex.tv/web if nothing better is available).
Locally, this would do nothing. If your server is within your house, then your house will itself never “contact” your server from that IP.
If your server is hosted elsewhere, in THEORY it would work to allow you to access the server from your house externally without auth, but that is pretty scary. I do not know if public IPs are allowed to be without auth in this case anyway.
1 Like
That allows devices server owner level access without a login. They can reach see/modify all libraries, see/modify server settings, and delete media files (enable it in settings → library, then delete items from a library).
There are a seemingly limitless amount of port scanners on the Internet constantly probing every valid IP address and port number.
On the odd chance they find your Plex server, do you really want them to have admin level access?
Thanks for mentioning that. Just checked. According to the documentation, public IP addresses are not permitted.
From Plex Docs → Server Settings → Network
List of IP addresses and networks that are allowed without auth
The list of IP addresses or networks that can connect to Plex Media Server without authorization. Enter a comma-separated (no spaces or tabs!) list of IP addresses or specify a range using IP/netmask entries. This can be useful if you have an old, legacy, unsupported app (such as LG’s MediaLink or SmartShare apps) that you wish to use.
For instance, a value of 192.168.1.4,192.168.1.8 would allow devices at those two LAN IP addresses to connect to the server without authorization. Similarly, 192.168.1.100/255.255.255.0 uses a netmask to specify a range of local IP addresses. When the Plex Media Server is signed in to an account, specifying 127.0.0.1 will be ignored (you could instead use the specific LAN IP).
Tip!: Private/LAN addresses can be specified either as a range or as an individual IP address. Public (WAN) addresses are not valid for this server setting. Do not include spaces or tabs.
Warning!: Any app connecting to the server this way without being signed in will be treated as the admin/owner. That means access to all libraries as well as the ability to change server settings. We strongly encourage using Plex apps that allow signing in to accounts to ensure the highest security for your computer and network.
AFAIR this list only accepts private IP addresses.
It doesn’t make sense to add your own public gateway address to it, because there is not a scenario where requests to your server would be coming from there.
Correct.
Public IPs will be rejected. This would be a terrible idea.
2 Likes
