# 4.1 BlackList & WhiteList

#### 🧭 Overview

The **BlackList & WhiteList** module in ShieldsGuard gives administrators the power to allow or block specific IP addresses from accessing the protected website or application. This forms the most fundamental and direct layer of access control in your security policy.

With this module, traffic can be explicitly permitted (whitelisted) or denied (blacklisted), regardless of WAF, DDoS, or any other protection mechanisms in place.

***

#### ✅ Allowed IP Addresses (Whitelist)

This section allows you to define IPs or ranges that should **bypass all protection engines** — including:

* Web Application Firewall (WAF)
* DDoS Protection
* Rate Limiting
* Behavior-based Blocking

<figure><img src="https://1888569782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fj6f1XtdOtNUZVCRH9J44%2Fuploads%2F0tiBJnE3J7LXWrBil2u4%2Fimage.png?alt=media&#x26;token=e25818cc-400f-4ee1-9d36-af1d5fdcf429" alt=""><figcaption></figcaption></figure>

**Use Cases:**

* Trusted internal IPs (corporate office, VPNs)
* Monitoring systems or uptime checkers
* Developers or testers who should never be blocked
* Third-party services with known IPs (e.g., Stripe, PayPal, Cloud providers)

**Example:**

```
203.0.113.42
10.10.0.0/16
```

> ⚠️ Whitelisted IPs are treated as **fully trusted** — ensure they are secure and properly scoped.

***

#### 🚫 Blocked IP Addresses (Blacklist)

This section allows you to **completely ban IPs or ranges** from accessing the site. Any request from a blacklisted IP will be dropped immediately.

**Use Cases:**

* Known malicious actors
* Repeated brute-force or spam sources
* IPs flagged by threat intelligence
* Abuse reports or geo-blocking by range

<figure><img src="https://1888569782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fj6f1XtdOtNUZVCRH9J44%2Fuploads%2FdtvHbdeXqpmGB2ClPxjU%2Fimage.png?alt=media&#x26;token=11b74d6b-28e0-47d9-8c2e-9a04cfc78fbe" alt=""><figcaption></figcaption></figure>

**Example:**

```
192.168.100.23
203.0.113.0/24
```

> 🔒 Blacklist takes absolute precedence — blocked IPs cannot bypass via any other setting.

***

#### 🔧 How to Use

1. Go to **Security Rules > BlackList & WhiteList**
2. Switch between **Allowed IP Addresses** or **Blocked IP Addresses**
3. Click “Add IP Address”
4. Enter:
   * Single IP (e.g., `192.0.2.10`)
   * IP Range / CIDR (e.g., `192.0.2.0/24`)
5. Save

Changes take effect immediately and will be logged in traffic analytics.

***

#### 🔍 Search and Manage

* You can **search** IPs using the search bar
* Use **bulk selection** for mass deletion or editing
* Logs will indicate whether a request was blocked or allowed due to IP rule

***

#### 📌 Best Practices

| Situation                  | Recommendation                       |
| -------------------------- | ------------------------------------ |
| Allow internal staff       | Whitelist static corporate IPs       |
| Prevent botnets & scrapers | Use blacklists with CIDR blocks      |
| Integrate threat feeds     | Automate blacklist entries via API   |
| Avoid accidental lockout   | Whitelist your own IP before testing |

***

> 🛡️ IP-level control is your first line of defense. Use it to allow what you trust, and block what you know to be harmful.