IP Rules Section: How To Use IP Management And Analysis Tool

IP Management & Analysis is a tool you can use to analyse an IP address, review information about blacklisted and whitelisted IP addresses, and manage those IPs.

This tool is available within the Shield Security Dashboard, under the IP Rules section.

Note: Before you start using this, make sure that the Block Bad IPs/Visitors module is enabled.

How to use the IP Management and Analysis tool

How you use this tool depends entirely on your requirements. The options available are as follows:

  • IP Analysis dialog - you can use this to see all information pertaining to an IP address in one place.
  • Manage IP addresses that have tripped Shield defenses - blocked (blacklisted) IPs.
  • Manage IP addresses that are whitelisted (never blocked by Shield).

IP Analysis dialog

The IP Analysis dialog lets you see all information pertaining to an IP address in one place.

Click the IP address you want to analyse to review all activity related to that IP.

The following information is available:

  1. General info - IP status (number of offenses, if blocked or not, if whitelisted or not, IP and ShieldNET reputation score), identifying info, IP whois.
  2. Bot signals
  3. User sessions related to this IP
  4. Activity logs - activities related to this IP
  5. Recent traffic - visitor requests (time, response code, verb)

How to review/manage blocked (blacklisted) IPs

When the Automatic IP Black List System is set and the number of offenses exceeds the specified limit, unwanted visitors are automatically blocked from accessing the site and their IPs are blacklisted.

The data available are as follows:

  • Whether the IP is blacklisted or not (this depends on the number of offenses)
  • Number of offenses (attempts to access your site)
  • Last offense time
  • The IP address
  • Date/Time of the last attempt to access your site
  • Time left before the IP gets automatically removed from the blacklist
  • Add/Delete the IP from the blacklist

There are 3 types of blocked IPs on this list:

  1. Auto blocked

    These IPs are blocked automatically by Shield's Auto Blocking System.

    Status: Temporarily blocked
    These IPs are auto-removed from this block list. When this happens depends on your "Auto Block Expiration" setting under the IP Blocking section > Auto Blocking Rules.
    These IPs can also be removed manually from the block list.
  2. CrowdSec blocked

    Auto blocked IPs found on CrowdSec's list of malicious IP addresses.

    Status: Temporarily blocked
    CrowdSec downloads the latest IPs once per day for their premium, and once per week for free.
    IPs expire after 7 days, or at the time CrowdSec data specifically says to expire them.
  3. Manually blocked

    Manually blocked IPs

    Status: Blocked permanently
    Can only be removed from the block list manually.

You can filter and review/manage blocked IPs by status: Auto Block, Manual Block, or CrowdSec.

How to remove your IP from the blocklist/blacklist

To remove your IP from the blocklist/blacklist, click the "Delete" icon for your IP and you'll be unblocked instantly.

How to add an IP to the blocklist/blacklist

To add an IP you want to block/blacklist, use the gear icon for additional options, select the "Create New IP Rule" option, and then use the form to add that IP to the blocklist.

How to review/manage whitelisted IPs

To review or manage bypassed/whitelisted IPs (IPs that are never blocked by Shield), use the same tool as for blacklisted IPs.

The data available are as follows:

  • Bypassed/whitelisted IP Address
  • Label
  • Date/Time of the IP being whitelisted
  • Delete the IP you don't want to be whitelisted, or add a new IP address you want to whitelist

If there are no whitelisted IPs, the list will be empty, and you can add them manually if you want.

How to add an IP to the bypass/whitelist

To add an IP you want to bypass/whitelist, use the gear icon for additional options, select the "Create New IP Rule" option, and then use the form to add that IP to the bypass/whitelist.

Note: When adding a label for a new whitelisted IP address, add anything you want - something you will easily recognize.

How to remove an IP from the bypass/whitelist

The easiest way to do this is to filter by "Type" and select the "Bypass" list, which shows all whitelisted IPs. Then click the "Delete" icon for any IP you want to remove from the whitelist.

Or, search by IP and click to delete.

Note: You can also whitelist/blacklist an IP range or automatically import a large list of IPs to Whitelist or Blacklist.

You can also export (download) IP Lists in .csv format if you need to. This can be done directly from within the IP Rules section > additional options.
