Block users trying to access outside IP list

Hi , I am writing a rule to block emails trying to access outside from a given IP list, but it is still allowing users to login .

here is the rule

function (user, context, callback) {
  //Global blockedUsers 
  var blockedUsers = [ ''];  
  //authorized IPs
  var whitelistIPs = ['','', '', '','','',''];
  var userHasAccess = false;
  if (blockedUsers.some(
        function (email) {
          return email ===;
        if ( whitelistIPs.some(
      function (ip) {
        return context.request.ip !== ip;
           return callback(new UnauthorizedError('Access denied from this IP address.'));

    return callback(null, user, context);

Hi @om.munishsehgal,

Welcome to the Auth0 Community!

I understand that you are experiencing issues when trying to block users that do not have whitelisted IPs from logging in with an Auth0 Rule.

I have written a new Rule script to block non-whitelisted IPs and blacklisted email addresses:

function (user, context, callback) {
 const blockedUsers = [ '']; 
 const whitelist = ["", ""];
  if (!whitelist.includes(context.request.ip) || {
    return callback(new UnauthorizedError('Access to this application has been temporarily revoked'));

  callback(null, user, context);

Please let me know if you have any questions.


1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.