7. Access
π Overview
The Access module in ShieldsGuard allows administrators to control and restrict incoming traffic based on geolocation, Internet Service Providers (ISP), and ASN (Autonomous System Number). It functions as a policy engine to regulate who can reach your system based on where they come from and who provides their connection.
This module is essential for:
Blocking high-risk geographies
Allowing only selected ISPs
Reducing noise from unwanted regions or anonymous networks
Enforcing compliance and regional access policies
π Access Control Methods
Access rules in this module are divided into three powerful and independent filters:
πΊοΈ 7.1 Block Country Entry
Purpose: Block or allow access based on the visitor's country.
Functionality:
Select countries from a dropdown list.
Add them to your block list or allow list.
Traffic from blocked countries is denied immediately at the edge.
Use Cases:
Block regions associated with botnet traffic.
Enforce geopolitical or compliance boundaries.
Allow only specific country-level user bases (e.g., national infrastructure).
π Geolocation is determined by IP β updated via public geo-IP databases.
π°οΈ 7.2 Permission by ISP Provider Name
Purpose: Allow or block access based on the ISP name (e.g., Turk Telekom, Comcast, China Telecom).
Functionality:
Enter ISP names as they appear in resolved IP data.
Apply rule to allow only trusted networks or block known problematic ones.
Use Cases:
Restrict access to enterprise-level traffic from known commercial providers.
Block residential proxies or cloud ISP abuse sources.
Whitelist research institutions or infrastructure providers.
#οΈβ£ 7.3 Authorization by ISP Provider Number (ASN)
Purpose: Enforce access control at the Autonomous System Number (ASN) level β the unique identifier assigned to ISPs and large network blocks.
Functionality:
Search for and add ASN numbers to your allow or block list.
Highly precise β ensures targeting entire IP allocations tied to an organization.
Use Cases:
Block all traffic from anonymous VPN or hosting services (e.g., ASN: 15169 β Google Cloud, ASN: 8075 β Microsoft Azure)
Only allow traffic from ASN of government or telecom partners
Stop persistent attacks coming from a specific ASN
β ASN data provides more granularity than basic geolocation and helps isolate infrastructure-based threats.
ποΈ Configuration Summary
Country
Broad
Use to restrict region-level access
ISP Name
Mid-level
Use for enterprise allowlists or proxy blocks
ASN Number
Fine-grained
Ideal for blocking entire provider networks
π§ Best Practices
Combine filters for layered access logic: Block high-risk countries + disallow known VPN providers.
Use ASN blocking when IP rotation makes per-IP filtering ineffective.
Always allow trusted ISPs or infrastructure providers explicitly.
Monitor Access Logs to refine access rules over time.
π― The Access module is your traffic gatekeeper β allowing only the right users from the right networks, and blocking everyone else before they even touch your system.
Last updated