Bots & IP Rules: How To Use IP Management And Analysis Tool

IP Management & Analysis is basically an essential method which you can use to analyse IP address, review information concerning the blacklisted and whitelisted IP addresses and a very useful IPs management tool.

This tool is available within the main navigation menu > Bots & IP Rules section:

How to use IP Management and Analysis tool 

This fully depends on your own requirements. The options available are as follows:

  • IP Analysis dialog - you can use this to see all information pertaining to an IP address in 1 place.
  • Crowd-Sourced IP address blocking in partnership with CrowdSec.
  • Manage IP addresses that have tripped Shield defenses - blocked (blacklisted) IPs.
  • Manage IP addresses that are whitelisted, never blocked by Shield.

IP Analysis dialog

The IP Analysis dialog lets you see all information pertaining to an IP address in 1 place.

You can click the IP address you want to analyse and review the all activities related to that IP.

Example

The information available are as follows:

  1. General info - IP status (number of offenses, if blocked or not, if whitelisted or not, IP and ShieldNET reputation score), identifying info, IP whois.
  2. Bot signals
  3. User sessions related to this IP
  4. Activity log - activities related to this IP
  5. Recent traffic - visitor requests (time, response code, verb)

How to review/manage blocked (blacklisted) IPs

When the Automatic IP Black List System is set, and the number of offenses exceeds the specified limit, the unwanted visitors get automatically blocked from accessing the site - their IPs get blacklisted. 

The data available are as follows:

  • If the IP is blacklisted or not (this depends on the number of the offenses)
  • Number of offenses (your site access attempts)
  • Last offense time
  • The IP address
  • Date/Time of your site last access attempt
  • Time left before the IP get automatically removed from the blacklist
  • Add/Delete the IP from the blacklist

There are x3 types of blocked IPs on this list:

  1. Auto blocked

    These IPs are blocked automatically by the Shield's Auto Blocking System.

    Status: Temporarily blocked
    Will be auto-removed from this block list. When this will happen depends on your  "Auto Block Expiration" configuration.
    These IPs can be also removed manually from the block list.

  2. CrowdSec blocked

    Auto blocked IPs found on CrowdSec's list of malicious IP addresses.

    Status: Temporarily blocked
    Crowdsec downloads the latest IP once per day for their premium, and once per week for free.
    IPs expire at 7 days, or if CrowdSec data says specifically when to expire them.

  3. Manually blocked

    Manually blocked IPs

    Status: Blocked permanently
    Can be removed from the block list manually  only.

You can filter and review/manage blocked IPs by the status.

Example: Manually blocked IPs


How to remove your IP from the blocklist/blacklist

To remove your IP from the blocklist/blacklist, just click "Delete" button for your IP and you'll be unblocked instantly.

How to add IP to the blocklist/blacklist

To add IP you want to block/blacklist, use the additional actions menu and select "Create New IP Rule" option and then use the form to add that IP to the blocklist.

Example

How to review/manage whitelisted IPs

When we want to review or to manage bypassed/whitelisted IPs (IPs that are never blocked by Shield) we use the same tool as for blacklisted IPs.

The data available are as follows:

  • Bypassed/whitelisted IP Address
  • Label
  • Date/Time of the IP being whitelisted
  • Delete the IP you don't want to be whitelisted, or add a new IP address you want to whitelist

If there are no whitelisted IPs, list will be empty, and you can add them manually if you want. 

How to add IP to the bypass/whitelist

To add IP you want to bypass/whitelist, use the additional actions menu and select "Create New IP Rule" option and then use the form to add that IP to the bypass/whitelist.

Note: When adding a label for a new whitelisted IP address, add anything you want - something you will easily recognize.

How to remove IP from the bypass/whitelist

The easiest was to do this is to filter by "Type" > select "Bypass" list. The all whitelisted IPs will be filtered out. Then click "Delete" icon for any IP you want to remove from the whitelist.

Example

Or, use Search IP box to search for IP and click to delete.

Note: You can also whitelist/blacklist an IP range or automatically import a large list of IPs to Whitelist or Blacklist. Or, export (download) IP Lists in .csv format if you need to.

We also recommend you to read: