Static IPs for external whitelists

The issue

Some external services that you might want to connect to from your PythonAnywhere code use IP whitelisting as a security measure. For example, if you have a Microsoft SQL Server on Azure, the normal configuration would require that you enter the specific IP addresses of all machines that will connect to it into the server's configuration.

This can cause problems when you try to connect from code running on PythonAnywhere. The actual IP address associated with running code is not fixed -- your code can run on one of many different servers, with no fixed IP address.

The solutions


If you have money to pay for a solution, one product that several customers have used successfully Statica from QuotaGuard. They provide a kind of static-IP-as-a-service. You rent the IP address from them, and they provide a wrapper script that you can use to run your code, which tunnels all access to external IPs from that code over a proxy on that IP address. One caveat if you're connecting to an MS SQL server database: it appears to work well with pymssql, but not with pbodbc.

Dynamically-changing your whitelisted IPs.

If you have some kind of API that allows you to whitelist specific IPs using a side-channel (eg. if your database is on Amazon Web Services, then you can use boto) then you could write a bit of code that gets the current IP where your code is running, for example by using requests to access IPify, and then whitelist the IP address dynamically when your script starts up.

The excessive whitelist

If all else fails, you can consider whitelisting all of Amazon's us-east-1 datacenter. We really don't recommend this, though -- there are a lot of IP addresses in their range, the servers could be rented out to hackers who are trying to get into databases like yours, and anyway the list is subject to change. Still, if you decide to go for this option, here's a link to the IP ranges list.