I saw this before. My first impression is to discourage the use of a remote cloud server, which will be very slow because of the large amount of secure pinging that occurs (which won't be accelerated on a satellite network), and it will potentially use up all of your data very quickly. Also, cloud servers/hosting sites are notorious for being targets for hacking, malware, and other miscreants trying to mask their deeds behind an anonymous (and dynamic) IP. [I'm looking at you Amazon, Microsoft, Oracle, OVH, DigtalOcean...] First, you'll go absolutely nuts trying to filter by IP range, mainly because it changes (as you know), and secondly because it doesn't only show up as IPv6. Sometimes the IPv4 gets recognized instead - I've seen this happen on Wordpress sites. The answer is going to be complicated because it's out of your control, and secondly it doesn't rule out the fact that you're still allowing others on the broader network to gain access. You're only going to gain a small amount of security. Second, what if you need to access it from a mobile location for some reason (you go on travel somewhere, etc.), which means you'd have to add the range for your phone carrier if you're using a mobile hotspot, making the whole thing vastly insecure... You would not believe the amount of absolute hijinks I see coming from mobile IPs from phones with malware on them. Your best bet is to forget IP filtering entirely. If you had a way to use MAC address filtering and a way to manage it that'd be much better because you'd be restricting devices, not IPs. Even better would be to augment your authentication with a 2FA system using Google Authenticator. That way you can guarantee the user's login and MAC address weren't spoofed, and the user was able to provide the correct RSA code in the past 60 seconds.
... View more