# 7. Access

#### 📖 Overview

The **Access** module in ShieldsGuard allows administrators to control and restrict incoming traffic based on **geolocation, Internet Service Providers (ISP), and ASN (Autonomous System Number)**. It functions as a policy engine to regulate who can reach your system based on **where they come from and who provides their connection**.

This module is essential for:

* Blocking high-risk geographies
* Allowing only selected ISPs
* Reducing noise from unwanted regions or anonymous networks
* Enforcing compliance and regional access policies

***

#### 📌 Access Control Methods

Access rules in this module are divided into three powerful and independent filters:

***

<figure><img src="/files/nY96jP3Stsa7z5bSfYVm" alt=""><figcaption></figcaption></figure>

#### 🗺️ 7.1 Block Country Entry

**Purpose:**\
Block or allow access based on the visitor's country.

**Functionality:**

* Select countries from a dropdown list.
* Add them to your **block list** or **allow list**.
* Traffic from blocked countries is denied immediately at the edge.

**Use Cases:**

* Block regions associated with botnet traffic.
* Enforce geopolitical or compliance boundaries.
* Allow only specific country-level user bases (e.g., national infrastructure).

> 🌐 Geolocation is determined from the visitor's IP address, using data updated from public geo-IP databases.

***

<figure><img src="/files/QR40ouopoyzQjOgvjuLW" alt=""><figcaption></figcaption></figure>

#### 🛰️ 7.2 Permission by ISP Provider Name

**Purpose:**\
Allow or block access based on the **ISP name** (e.g., Turk Telekom, Comcast, China Telecom).

**Functionality:**

* Enter ISP names as they appear in resolved IP data.
* Apply the rule to allow only trusted networks or to block known problematic ones.

**Use Cases:**

* Restrict access to enterprise-level traffic from known commercial providers.
* Block residential proxies or cloud ISP abuse sources.
* Whitelist research institutions or infrastructure providers.

***

<figure><img src="/files/v2ye2f13cZmaOG8K24Fd" alt=""><figcaption></figcaption></figure>

#### #️⃣ 7.3 Authorization by ISP Provider Number (ASN)

**Purpose:**\
Enforce access control at the **Autonomous System Number (ASN)** level — the unique identifier assigned to ISPs and large network blocks.

**Functionality:**

* Search for ASNs and add them to your allow or block list.
* Highly precise: a rule targets the **entire IP allocation** tied to an organization.

**Use Cases:**

* Block all traffic from anonymous VPN or hosting services (e.g., ASN: 15169 – Google Cloud, ASN: 8075 – Microsoft Azure).
* Allow traffic only from the ASNs of government or telecom partners.
* Stop persistent attacks coming from a specific ASN.

> ✅ ASN data provides more granularity than basic geolocation and helps isolate infrastructure-based threats.

***

#### 🎛️ Configuration Summary

| Access Filter | Granularity  | Recommendation                                |
| ------------- | ------------ | --------------------------------------------- |
| Country       | Broad        | Use to restrict region-level access           |
| ISP Name      | Mid-level    | Use for enterprise allowlists or proxy blocks |
| ASN Number    | Fine-grained | Ideal for blocking entire provider networks   |

***

#### 🧠 Best Practices

* Combine filters for layered access logic, for example by blocking high-risk countries and also disallowing known VPN providers.
* Use ASN blocking when IP rotation makes per-IP filtering ineffective.
* Always allow trusted ISPs or infrastructure providers explicitly.
* Monitor Access Logs to refine access rules over time.
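
The following added example (not ShieldsGuard code) shows how reviewing logged source IPs can reveal the case named above, where IP rotation keeps every address under a per-IP threshold while the ASN as a whole stands out. The prefix-to-ASN table, the thresholds, the sample data and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed prefix-to-ASN table: documentation prefixes (RFC 5737) and
# documentation ASNs (RFC 5398). A real review would use an IP-to-ASN dataset.
NETWORKS = [
    (ipaddress.ip_network("192.0.2.0/24"), 64496),
    (ipaddress.ip_network("198.51.100.0/24"), 64497),
    (ipaddress.ip_network("203.0.113.0/24"), 64498),
]

def asn_for(ip):
    """Longest-prefix match of ip against NETWORKS; None if no prefix covers it."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, asn) for net, asn in NETWORKS if addr in net]
    return max(matches)[1] if matches else None

def noisy_ips(source_ips, per_ip_limit):
    """Source IPs that a per-IP threshold would catch on their own."""
    counts = Counter(source_ips)
    return sorted(ip for ip, n in counts.items() if n > per_ip_limit)

def asn_block_candidates(source_ips, per_ip_limit, per_asn_limit):
    """ASNs whose combined volume exceeds per_asn_limit while every source IP
    inside them stays at or below per_ip_limit (the IP-rotation pattern).
    Returns {asn: (total_requests, distinct_ips)}."""
    totals, ips, peak = Counter(), {}, Counter()
    for ip, n in Counter(source_ips).items():
        asn = asn_for(ip)
        if asn is None:
            continue  # unmapped address: leave it to the other filters
        totals[asn] += n
        ips.setdefault(asn, set()).add(ip)
        peak[asn] = max(peak[asn], n)
    return {asn: (totals[asn], len(ips[asn])) for asn in totals
            if totals[asn] > per_asn_limit and peak[asn] <= per_ip_limit}

# Constructed sample: source IPs of unwanted requests taken from an access log.
SAMPLE = (
    [f"192.0.2.{h}" for h in range(1, 41)] * 3     # 40 rotating IPs, 3 hits each
    + ["198.51.100.7"] * 50                         # one loud IP
    + [f"203.0.113.{h}" for h in range(1, 6)] * 2   # low background traffic
)

if __name__ == "__main__":
    print("per-IP hits:", noisy_ips(SAMPLE, per_ip_limit=10))
    print("ASN candidates:", asn_block_candidates(SAMPLE, 10, 100))
```

Before turning a candidate into a block rule, check that the ASN does not also carry traffic from providers you have explicitly allowed.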

***

> 🎯 The Access module is your **traffic gatekeeper** — allowing only the right users from the right networks, and blocking everyone else before they even touch your system.

