Support

Hm, no, only the blacklist works both in front- and back-end. But if you only need specific IP addresses to access the site (and everyone else blocked) you are better off doing that with .htaccess or using the server's iptables firewall (I mean the Operating System firewall). Relying on PHP for extensive IP whitelisting is a bit counterproductive.

Oh, I of course missed the obvious: Password protection. You can actually password protect the folders the sites are in. Therefore, the shop owners can supply their username and password before they can see the sites.

There are more solutions, like accessing the sites only over a secure VPN and other similar things... It all depends on how complex and how secure your setup needs to be.

In any case, IP whitelisting is the least effective way to achieve what you want.

Ah, I can see what you're trying to set up. The best solutions in your case would be:
- Setting up VPN between the shops and the servers. This is the most secure and doesn't require people to muck around with IP settings. Since you are essentially setting up an Extranet, this is the recommended way to go.
- IP whitelisting at the Operating System level. This, however, requires an on-call technician to edit the allowed IP ranges. However, this is a huge task and would only work trouble-free if all computers used to access the sites have static IPs.

So, I'd strongly recommend going the VPN route.

Please note that all other methods, including IP whitelisting at the Joomla! level, are not reliable for your kind of application. It is perfectly conceivable that an intruder can actually exploit those sites. Using the VPN or OS-level IP whitelisting you have blocked out all requests coming from potential attackers, ensuring your Extranet's security.