How to use IP Management and Analysis tool

IP Management & Analysis is basically an essential method which you can use to analyse IP address, review information concerning the blacklisted and whitelisted IP addresses and a very useful management tool.

This tool is available within the Shield Security Dashboard, under the IPs & Bots > IP Rules section.

Note: Before you start using this, make sure that the Block Bad IPs/Visitors module is enabled.

How to use IP Management and Analysis tool 

On how to use this tool, fully depends on your requirements. The options available are as follows:

  • IP Analysis dialog - you can use this to see all information pertaining to an IP address in 1 place.
  • Manage IP addresses that have tripped Shield defenses.
  • Manage IP addresses that are whitelisted, never blocked by Shield.

IP Analysis dialog

The IP Analysis tool lets you see all information pertaining to an IP address in 1 place.

You can click the IP address you want to analyse and review the all activities related to that IP, for example:

The information available are as follows:

  1. General info - IP status (number of offenses, if blocked or not, if whitelisted or not), identifying info, IP whois
  2. Bot signals
  3. User session related to this IP
  4. Audit trail logs - activities related to this IP
  5. Recent traffic - visitor requests (time, response code, verb)

How to manage blocked IPs

When the Automatic IP Black List System is set, and the number of offenses exceeds the specified limit, the unwanted visitors get automatically blocked from accessing the site - their IPs get blacklisted. 

The data available are as follows:

  • If the IP is blacklisted or not (this depends on the number of the offenses)
  • Number of offenses (your site access attempts)
  • Last offense time
  • The IP address
  • Date/Time of your site last access attempt
  • Time left before the IP get automatically removed from the blacklist
  • Add/Delete the IP from the blacklist

There are x3 types of blocked IPs on this list:

  1. Auto blocked
  2. CrowdSec blocked
  3. Manually blocked

Example blocked IPs

How to manage whitelisted IPs

When we want to review or to manage bypassed/whitelisted IPs (IPs that are never blocked by Shield) we use the same tool as for blacklisted IPs. If there are no whitelisted IPs, list will be empty, and you can add them manually if you want. 

The data available are as follows:

  • Bypassed/whitelisted IP Address
  • Label
  • Date/Time of the IP being whitelisted
  • Delete the IP you don't want to be whitelisted, or add a new IP address you want to whitelist

Note: When adding a label for a new IP address, add anything you want - something you will easily recognize.

To add IP you want to bypass/whitelist, simply use the "Add New IP" option. For example

We also recommend you to read:

Note: You can also whitelist/blacklist an IP range or automatically import a large list of IPs to Whitelist or Blacklist.