4.1 BlackList & WhiteList

Previous4. Security Rules Next4.2 User Agent Filtering

Last updated 9 days ago

4.1 BlackList & WhiteList

🧭 Overview

The BlackList & WhiteList module in ShieldsGuard gives administrators the power to allow or block specific IP addresses from accessing the protected website or application. This forms the most fundamental and direct layer of access control in your security policy.

With this module, traffic can be explicitly permitted (whitelisted) or denied (blacklisted), regardless of WAF, DDoS, or any other protection mechanisms in place.

✅ Allowed IP Addresses (Whitelist)

This section allows you to define IPs or ranges that should bypass all protection engines — including:

Web Application Firewall (WAF)
DDoS Protection
Rate Limiting
Behavior-based Blocking

Use Cases:

Trusted internal IPs (corporate office, VPNs)
Monitoring systems or uptime checkers
Developers or testers who should never be blocked
Third-party services with known IPs (e.g., Stripe, PayPal, Cloud providers)

Example:

203.0.113.42
10.10.0.0/16

⚠️ Whitelisted IPs are treated as fully trusted — ensure they are secure and properly scoped.

🚫 Blocked IP Addresses (Blacklist)

This section allows you to completely ban IPs or ranges from accessing the site. Any request from a blacklisted IP will be dropped immediately.

Use Cases:

Known malicious actors
Repeated brute-force or spam sources
IPs flagged by threat intelligence
Abuse reports or geo-blocking by range

Example:

192.168.100.23
203.0.113.0/24

🔒 Blacklist takes absolute precedence — blocked IPs cannot bypass via any other setting.

🔧 How to Use

Go to Security Rules > BlackList & WhiteList
Switch between Allowed IP Addresses or Blocked IP Addresses
Click “Add IP Address”
Enter:
- Single IP (e.g., 192.0.2.10)
- IP Range / CIDR (e.g., 192.0.2.0/24)
Save

Changes take effect immediately and will be logged in traffic analytics.

🔍 Search and Manage

You can search IPs using the search bar
Use bulk selection for mass deletion or editing
Logs will indicate whether a request was blocked or allowed due to IP rule

📌 Best Practices

Situation

Recommendation

Allow internal staff

Whitelist static corporate IPs

Prevent botnets & scrapers

Use blacklists with CIDR blocks

Integrate threat feeds

Automate blacklist entries via API

Avoid accidental lockout

Whitelist your own IP before testing

🛡️ IP-level control is your first line of defense. Use it to allow what you trust, and block what you know to be harmful.

Previous4. Security Rules Next4.2 User Agent Filtering

Last updated 9 days ago

🧭 Overview

With this module, traffic can be explicitly permitted (whitelisted) or denied (blacklisted), regardless of WAF, DDoS, or any other protection mechanisms in place.

✅ Allowed IP Addresses (Whitelist)

This section allows you to define IPs or ranges that should bypass all protection engines — including:

Web Application Firewall (WAF)
DDoS Protection
Rate Limiting
Behavior-based Blocking

Use Cases:

Trusted internal IPs (corporate office, VPNs)
Monitoring systems or uptime checkers
Developers or testers who should never be blocked
Third-party services with known IPs (e.g., Stripe, PayPal, Cloud providers)

Example:

203.0.113.42
10.10.0.0/16

⚠️ Whitelisted IPs are treated as fully trusted — ensure they are secure and properly scoped.

🚫 Blocked IP Addresses (Blacklist)

This section allows you to completely ban IPs or ranges from accessing the site. Any request from a blacklisted IP will be dropped immediately.

Use Cases:

Known malicious actors
Repeated brute-force or spam sources
IPs flagged by threat intelligence
Abuse reports or geo-blocking by range

Example:

192.168.100.23
203.0.113.0/24

🔒 Blacklist takes absolute precedence — blocked IPs cannot bypass via any other setting.

🔧 How to Use

Go to Security Rules > BlackList & WhiteList
Switch between Allowed IP Addresses or Blocked IP Addresses
Click “Add IP Address”
Enter:
- Single IP (e.g., 192.0.2.10)
- IP Range / CIDR (e.g., 192.0.2.0/24)
Save

Changes take effect immediately and will be logged in traffic analytics.

🔍 Search and Manage

You can search IPs using the search bar
Use bulk selection for mass deletion or editing
Logs will indicate whether a request was blocked or allowed due to IP rule

📌 Best Practices

Situation

Recommendation

Allow internal staff

Whitelist static corporate IPs

Prevent botnets & scrapers

Use blacklists with CIDR blocks

Integrate threat feeds

Automate blacklist entries via API

Avoid accidental lockout

Whitelist your own IP before testing

🛡️ IP-level control is your first line of defense. Use it to allow what you trust, and block what you know to be harmful.