IP Rules Section: How To Use IP Management And Analysis Tool
The IP Management & Analysis tool lets you analyse an IP address, review information about blacklisted and whitelisted IP addresses, and manage those IPs.
This tool is available within the Shield Security Dashboard, under the IP Rules section.
Note: Before you start using this tool, make sure that the Block Bad IPs/Visitors module is enabled.
How to use the IP Management and Analysis tool
How you use this tool depends entirely on your requirements. The options available are as follows:
- IP Analysis dialog - you can use this to see all information pertaining to an IP address in one place.
- Manage IP addresses that have tripped Shield defenses - blocked (blacklisted) IPs.
- Manage IP addresses that are whitelisted (never blocked by Shield).
IP Analysis dialog
The IP Analysis dialog lets you see all information pertaining to an IP address in one place.
You can click the IP address you want to analyse and review all the activities related to that IP.
The information available is as follows:
- General info - IP status (number of offenses, if blocked or not, if whitelisted or not, IP and ShieldNET reputation score), identifying info, IP whois.
- Bot signals
- User sessions related to this IP
- Activity logs - activities related to this IP
- Recent traffic - visitor requests (time, response code, verb)
How to review/manage blocked (blacklisted) IPs
When the Automatic IP Black List System is set, and the number of offenses exceeds the specified limit, the unwanted visitors get automatically blocked from accessing the site - their IPs get blacklisted.
The data available are as follows:
- If the IP is blacklisted or not (this depends on the number of the offenses)
- Number of offenses (attempts to access your site)
- Last offense time
- The IP address
- Date/Time of the last attempt to access your site
- Time left before the IP gets automatically removed from the blacklist
- Add/Delete the IP from the blacklist
There are 3 types of blocked IPs on this list:
- These IPs are blocked automatically by Shield's Auto Blocking System.
  Status: Temporarily blocked
  Will be auto-removed from this block list. When this happens depends on your "Auto Block Expiration" setting under the IP Blocking section > Auto Blocking Rules.
  These IPs can also be removed manually from the block list.
- Auto blocked IPs found on CrowdSec's list of malicious IP addresses.
  Status: Temporarily blocked
  CrowdSec downloads the latest IPs once per day for their premium, and once per week for free.
  IPs expire after 7 days, or when CrowdSec data specifically says to expire them.
- Manually blocked IPs
  Status: Blocked permanently
  Can be removed from the block list manually only.
You can filter and review/manage blocked IPs by status.
How to remove your IP from the blocklist/blacklist
To remove your IP from the blocklist/blacklist, click the "Delete" icon for your IP and you'll be unblocked instantly.
How to add an IP to the blocklist/blacklist
To add an IP you want to block/blacklist, use the gear icon for additional options, select the "Create New IP Rule" option, and then use the form to add that IP to the blocklist.
How to review/manage whitelisted IPs
To review or manage bypassed/whitelisted IPs (IPs that are never blocked by Shield), use the same tool as for blacklisted IPs.
The data available are as follows:
- Bypassed/whitelisted IP Address
- Date/Time of the IP being whitelisted
- Delete the IP you don't want to be whitelisted, or add a new IP address you want to whitelist
If there are no whitelisted IPs, the list will be empty, and you can add them manually if you want.
How to add an IP to the bypass/whitelist
To add an IP you want to bypass/whitelist, use the gear icon for additional options, select the "Create New IP Rule" option, and then use the form to add that IP to the bypass/whitelist.
Note: When adding a label for a new whitelisted IP address, add anything you want - something you will easily recognize.
How to remove an IP from the bypass/whitelist
The easiest way to do this is to filter by "Type" and select the "Bypass" list. Only the whitelisted IPs will then be shown. Then click the "Delete" icon for any IP you want to remove from the whitelist.
Or, search by IP and click to delete.
You can also export (download) IP lists in .csv format if you need to. This can be done directly from within the IP Rules section > additional options.