How to fix remote: Your IP address is not allowed to access this resource in Git

First, determine your current public IP address that GitHub sees when you try to connect:

Check your IP address:

# Using curl
curl -s https://api.ipify.org
# Or
curl -s https://ifconfig.me

# For IPv6 address
curl -s https://api64.ipify.org

# On Windows without curl
nslookup myip.opendns.com resolver1.opendns.com

Check both IPv4 and IPv6:

# Get both addresses
curl -4 -s https://ifconfig.me && echo " (IPv4)"
curl -6 -s https://ifconfig.me && echo " (IPv6)"

Note down your IP address - you'll need to provide this to your organization administrator or add it to the allow list yourself if you have admin access.

Important: GitHub is expanding IPv6 support. If your network uses IPv6, ensure both your IPv4 and IPv6 addresses are considered.

The quickest workaround is to connect from a network that's already on the allow list:

Option 1: Use corporate VPN

# Connect to your company's VPN first
# Then verify your new IP
curl -s https://api.ipify.org

# Try your Git operation again
git pull origin main

Option 2: Work from the office
If your company's office network is on the allow list, Git operations will work when connected to that network (either on-site or via VPN).

Option 3: Use an approved jump host

# SSH to an approved server and work from there
ssh [email protected]
cd /path/to/repo
git pull origin main

Verify the connection works:

# Test SSH connection to GitHub
ssh -T [email protected]

# Test HTTPS connection
git ls-remote https://github.com/org/repo.git

If you need regular access from your current location, request that your IP address be added to the organization's allow list:

Information to provide to your administrator:
- Your current public IP address (from step 1)
- Whether it's a static or dynamic IP
- If dynamic, provide a CIDR range (e.g., your ISP's IP block)
- The business justification for remote access

For organization owners/admins - adding an IP address:
1. Navigate to your organization on GitHub
2. Click Settings > Security > Authentication security
3. Scroll to the IP allow list section
4. In "IP address or range in CIDR notation", enter the IP address
- Single IP: 203.0.113.50
- IP range: 203.0.113.0/24
5. Add a description (e.g., "John's home office")
6. Click Add

For enterprise owners:
1. Click your profile photo > Your enterprises
2. Select your enterprise
3. Go to Settings > Authentication security
4. Scroll to IP allow list and add the IP address

Note: Changes may take a few minutes to propagate due to caching.

If your CI/CD pipelines are failing, you need runners with static, known IP addresses:

GitHub Actions - Use larger runners:
Larger runners (available on GitHub Team and Enterprise) can be configured with static IP addresses:

# .github/workflows/build.yml
jobs:
  build:
    runs-on: ubuntu-latest-4-cores  # Larger runner
    steps:
      - uses: actions/checkout@v4

GitHub Actions - Use self-hosted runners:

jobs:
  build:
    runs-on: self-hosted  # Your own infrastructure with known IPs
    steps:
      - uses: actions/checkout@v4

Configure self-hosted runner:

# On your server with a static IP
# Download the runner from your org's settings
./config.sh --url https://github.com/your-org --token YOUR_TOKEN
./run.sh

For other CI/CD platforms:
- GitLab CI: Use runners on infrastructure with static IPs
- Jenkins: Ensure Jenkins server has a static IP in the allow list
- CircleCI: Consider using self-hosted runners
- Azure DevOps: Use self-hosted agents

Add CI/CD IPs to the allow list:

# Example: Add your CI server's IP
192.168.1.100/32   - Jenkins Server
10.0.0.0/8         - Internal CI network

If you're using GitHub Apps and they're being blocked, the app's IP addresses need to be in the allow list:

Option 1: Configure the GitHub App's allow list
App developers can add IP addresses to their GitHub App registration:
1. Go to Settings > Developer settings > GitHub Apps
2. Select your app
3. Click Advanced > IP allow list
4. Add the IP addresses where your app runs

Option 2: Automatically allow GitHub App IPs (for org admins)
Organization owners can automatically allow IPs from installed GitHub Apps:
1. Go to Organization settings > Authentication security
2. In the IP allow list section, find GitHub App access
3. Enable "Allow access by GitHub Apps with an IP allow list"

Verify GitHub App access:

# Test API access with your GitHub App token
curl -H "Authorization: Bearer YOUR_APP_TOKEN" \
     -H "Accept: application/vnd.github+json" \
     https://api.github.com/orgs/YOUR_ORG/repos

Note: This requires the GitHub App to have configured its own IP allow list in its settings.

If you have a dynamic IP address that changes frequently, request a CIDR range be added instead of individual IPs:

Find your ISP's IP range:

# Check your current IP
MY_IP=$(curl -s https://api.ipify.org)
echo "Current IP: $MY_IP"

# Look up the IP range using whois
whois $MY_IP | grep -E "(CIDR|inetnum|NetRange)"

Common CIDR notations:
- /32 - Single IP (e.g., 192.168.1.1/32)
- /24 - 256 addresses (e.g., 192.168.1.0/24)
- /16 - 65,536 addresses (e.g., 192.168.0.0/16)
- /8 - 16 million addresses (e.g., 10.0.0.0/8)

For home users:
Your ISP typically assigns IPs from a specific range. Ask your ISP or check:

# Find your ISP's allocation
whois $(curl -s https://api.ipify.org) | grep -i "netname\|descr\|CIDR"

Best practice:
Use the smallest CIDR range that covers your likely IP addresses. Adding overly broad ranges defeats the security purpose of the allow list.

Consider a static IP:
Some ISPs offer static IP addresses for a small monthly fee, which simplifies allow list management.

GitHub is expanding IPv6 support. Your connection might be using IPv6 while only IPv4 addresses are in the allow list:

Check if you're using IPv6:

# Check your IPv6 address
curl -6 -s https://api64.ipify.org && echo ""

# If you get an address, you might be connecting via IPv6

Force Git to use IPv4:

# Configure Git to prefer IPv4
git config --global http.ipversion 4

# Or set it for the current session only
GIT_CURL_VERBOSE=1 git clone --ipv4 https://github.com/org/repo.git

Add IPv6 addresses to the allow list:
If your organization uses IPv6, ensure both your IPv4 and IPv6 addresses are added:

# Example allow list entries
203.0.113.50/32           # IPv4 address
2001:db8:85a3::8a2e/128   # IPv6 address

Disable IPv6 temporarily (testing only):

# On Linux (temporary)
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1

# On macOS
sudo networksetup -setv6off "Wi-Fi"

Note: Disabling IPv6 is a workaround, not a solution. The proper fix is adding your IPv6 address to the allow list.

If you're an organization administrator, verify the allow list is configured correctly:

Check allow list status:
1. Go to Organization settings > Security > Authentication security
2. Scroll to the IP allow list section
3. Verify the allow list is enabled
4. Review the list of allowed IP addresses/ranges

Use the "Check IP address" feature:
GitHub provides a tool to verify if an IP would be allowed:
1. In the IP allow list section, find "Check IP address"
2. Enter the IP address you want to verify
3. Click Check to see if it would be permitted

Common configuration issues:
- Allow list enabled but your IP not added
- Typo in IP address entry
- Using IPv4 entry when connecting via IPv6
- CIDR notation error (e.g., 192.168.1.0/24 vs 192.168.1.100/32)
- Description field used instead of IP address field

Review audit logs:

Organization Settings > Logs > Audit log
Filter by: action:ip_allow_list

This shows when IP addresses were added, removed, or when the allow list was enabled/disabled.