An allowlist (formerly often called a whitelist) is a security pattern that uses a default-deny approach: only sources you explicitly approve are permitted, and everything else is rejected. In incident management and monitoring, allowlists help teams control who can reach you and who can probe your systems. This helps to reduce noise, abuse, and false alerts.
Allowlist vs. whitelist
For many years, engineers spoke of whitelisting approved traffic and blacklisting unwanted traffic. That wording is still common in firewalls and vendor docs, but the industry has largely moved to allowlist and blocklist, clearer and more inclusive language for the same technical idea. Functionally, an allowlist is what a whitelist was: a list of permitted entries.
Key benefits of allowlisting
- Reduced attack surface: Unknown callers or clients cannot reach sensitive on-call or production paths.
- Less alert noise: Monitoring probes from unapproved networks are blocked before they can skew uptime checks.
- Compliance-friendly access control: Documents exactly which numbers or networks are authorized to interact with your incident hotline or monitored endpoints.
Allowlisting in Live Call Routing
In Live Call Routing, an allowlist restricts inbound callers. When configured on your call-routing number, only phone numbers or prefixes that match the allowlist are connected to your on-call flow. Everyone else is rejected immediately. The call ends with outcome Blocklisted in call logs, with no welcome message, no on-call dialing, and no incident is created.
Entries use international format (E.164), for example +1 for North America or a full number like +4915124688123. Prefix matching is supported: +49 allows any German caller whose number starts with that country code. If the allowlist is empty, all callers are permitted unless blocked by a blocklist.
Allowlisting All Quiet IP addresses (HTTP & Ping monitoring)
Allowlisting also applies in the opposite direction for website monitoring. When All Quiet runs an HTTP monitor or Ping monitor against your application, requests originate from All Quiet's outbound IP addresses. If your site sits behind a firewall, WAF, or IP-restricted load balancer, you must allowlist All Quiet's probe IPs so checks can reach your endpoint. Without that, monitors may report false downtime even when your service is healthy.
In the HTTP and Ping monitor settings in All Quiet, you'll find a link to our published outbound IP list. Add those addresses to your firewall or security group allowlist. It is the same concept as caller allowlisting, but for network traffic instead of phone numbers.
The All Quiet bridge
All Quiet supports allowlists in two practical places: Call Routing → Caller allow & block lists for Live Call Routing numbers, and documented outbound IPs for inbound HTTP and Ping monitoring. Together they let you define who may call your incident line and which networks may health-check your services, using one consistent allowlist mental model across voice and monitoring.
