From 8c5e476be6e0d4a0301e0ba9abda00da204700ef Mon Sep 17 00:00:00 2001 From: Graham Ritter Date: Fri, 24 Apr 2026 11:45:48 -0400 Subject: [PATCH] fix(ip-allowlisting): correct onEvaluationError default from ALLOW to DENY Co-Authored-By: Claude Sonnet 4.6 --- security/ip-allowlisting.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/ip-allowlisting.mdx b/security/ip-allowlisting.mdx index 6b138173..e9e443c4 100644 --- a/security/ip-allowlisting.mdx +++ b/security/ip-allowlisting.mdx @@ -29,7 +29,7 @@ This feature is ideal for: - **The org-level allowlist must be enabled for API key-level rules to take effect.** If the org-level allowlist is disabled, API key-level allowlists are not enforced. - **Dashboard actions are never subject to IP allowlisting.** You can always use the Dashboard to manage your configuration, even if you misconfigure your rules. -- **Unresolvable source IPs default to fail-open.** In rare cases, intermediary infrastructure may prevent Turnkey from resolving a request's source IP. The `onEvaluationError` parameter controls whether these requests are allowed (fail-open) or denied (fail-closed). It defaults to `ALLOW`. +- **Unresolvable source IPs default to fail-closed.** In rare cases, intermediary infrastructure may prevent Turnkey from resolving a request's source IP. The `onEvaluationError` parameter controls whether these requests are allowed (fail-open) or denied (fail-closed). It defaults to `DENY`. **IP Allowlisting **is available to [**Enterprise clients**](https://www.turnkey.com/pricing) on the **Scale tier** or higher. If you would like to access this feature please reach out to your Turnkey representative.