7. Access
📖 Overview
The Access module in ShieldsGuard allows administrators to control and restrict incoming traffic based on geolocation, Internet Service Providers (ISP), and ASN (Autonomous System Number). It functions as a policy engine to regulate who can reach your system based on where they come from and who provides their connection.
This module is essential for:
Blocking high-risk geographies
Allowing only selected ISPs
Reducing noise from unwanted regions or anonymous networks
Enforcing compliance and regional access policies
📌 Access Control Methods
Access rules in this module are divided into three powerful and independent filters:

🗺️ 7.1 Block Country Entry
Purpose: Block or allow access based on the visitor's country.
Functionality:
Select countries from a dropdown list.
Add them to your block list or allow list.
Traffic from blocked countries is denied immediately at the edge.
Use Cases:
Block regions associated with botnet traffic.
Enforce geopolitical or compliance boundaries.
Allow only specific country-level user bases (e.g., national infrastructure).
🌐 Geolocation is determined from the visitor's IP address, using data updated from public geo-IP databases.

🛰️ 7.2 Permission by ISP Provider Name
Purpose: Allow or block access based on the ISP name (e.g., Turk Telekom, Comcast, China Telecom).
Functionality:
Enter ISP names as they appear in resolved IP data.
Apply the rule to allow only trusted networks or block known problematic ones.
Use Cases:
Restrict access to enterprise-level traffic from known commercial providers.
Block residential proxies or cloud ISP abuse sources.
Whitelist research institutions or infrastructure providers.

#️⃣ 7.3 Authorization by ISP Provider Number (ASN)
Purpose: Enforce access control at the Autonomous System Number (ASN) level — the unique identifier assigned to ISPs and large network blocks.
Functionality:
Search for ASNs and add them to your allow or block list.
Highly precise: a rule targets the entire IP allocations tied to an organization.
Use Cases:
Block all traffic from anonymous VPN or hosting services (e.g., ASN: 15169 – Google Cloud, ASN: 8075 – Microsoft Azure)
Only allow traffic from the ASNs of government or telecom partners
Stop persistent attacks coming from a specific ASN
✅ ASN data provides more granularity than basic geolocation and helps isolate infrastructure-based threats.
🎛️ Configuration Summary
Country: Broad. Use to restrict region-level access
ISP Name: Mid-level. Use for enterprise allowlists or proxy blocks
ASN Number: Fine-grained. Ideal for blocking entire provider networks
🧠 Best Practices
Combine filters for layered access logic, for example block high-risk countries and disallow known VPN providers.
Use ASN blocking when IP rotation makes per-IP filtering ineffective.
Always allow trusted ISPs or infrastructure providers explicitly.
Monitor Access Logs to refine access rules over time.
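One way to express the layered logic from the best practices above, as an added example rather than ShieldsGuard's own code. The rule order (explicit ASN allow first, then ASN, ISP and country blocks), the `lookup` and `decide` helpers, the policy layout and the geo table built from documentation prefixes and reserved ASNs are all assumptions for illustration.

```python
import ipaddress

# Constructed geo-IP table: documentation prefixes (RFC 5737), reserved ASNs
# (RFC 5398) and user-assigned country codes. Not real allocations.
GEO_TABLE = [
    ("192.0.2.0/24",      "XA", 64496, "Example Hosting Ltd"),
    ("198.51.100.0/24",   "XA", 64497, "Example Telecom"),
    ("198.51.100.128/25", "XB", 64500, "Example Mobile"),
    ("203.0.113.0/24",    "XB", 64498, "Example  VPN Services"),
    ("203.0.113.128/25",  "XB", 64499, "Partner Research Net"),
]

# Hypothetical policy mirroring the three filters on this page.
POLICY = {
    "allow_asn": {64499},                    # trusted partner, always allowed
    "block_asn": {64496},                    # hosting provider
    "block_isp": {"example vpn services"},   # stored normalized
    "block_country": {"XB"},
}

def normalize(name):
    # ISP names are free text: fold case and runs of whitespace before comparing.
    return " ".join(name.lower().split())

def lookup(ip):
    """Longest-prefix match against GEO_TABLE; None if the IP is unresolved."""
    addr, best = ipaddress.ip_address(ip), None
    for cidr, country, asn, isp in GEO_TABLE:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, country, asn, isp)
    return best[1:] if best else None

def decide(ip, policy=POLICY, default="allow"):
    """Return (action, reason). Assumed order: explicit allow, ASN, ISP, country."""
    rec = lookup(ip)
    if rec is None:
        return default, "unresolved"         # no geo data: fall back to default
    country, asn, isp = rec
    if asn in policy["allow_asn"]:
        return "allow", f"asn-allow:{asn}"
    if asn in policy["block_asn"]:
        return "deny", f"asn-block:{asn}"
    if normalize(isp) in policy["block_isp"]:
        return "deny", "isp-block"
    if country in policy["block_country"]:
        return "deny", f"country-block:{country}"
    return default, "no-match"
```

The explicit allow for AS64499 wins even though its prefix geolocates to a blocked country, which is the effect of always allowing trusted providers explicitly. The returned reason string is what an access log would need to record for rules to be refined later.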
🎯 The Access module is your traffic gatekeeper — allowing only the right users from the right networks, and blocking everyone else before they even touch your system.