Overview
You can use this document to learn how to allow (whitelist) or block (blacklist) IP addresses.
In the StackPath Control Portal, there are two editors to use:
- IP firewall editor
- This editor is designed for less technical users who would prefer a straightforward, simple tool to allow or block IP addresses.
- WAF rule editor
- This editor is designed for advanced users who want to build rules from if / then statements.
- In addition to allowing or blocking IP addresses, you can use the WAF rule editor to create more complicated rules, such as filtering requests from specified countries or organizations. To learn more about the WAF rule editor, see WAF Rules Explained.
StackPath plans include a number of WAF custom rules, and that number varies by plan. Firewall rules are not counted as custom rules and are free for any plan that includes the StackPath WAF product.
(Advanced users) Allow or block an IP address with the WAF rule editor
You can use the WAF rule editor to create additional, more complex rules besides allow / block rules. To learn more, see Create Custom WAF Rules.
- In the StackPath Control Portal, in the left-side navigation menu, click Sites.
- Locate and select the desired site.
- This action will refresh the portal.
- In the left-side navigation menu, click EdgeRules.
- Navigate to Custom Rules, and then click Add WAF Rule.
- In Rule Name, enter a descriptive name.
- Under Rule Status, use the slider to immediately enable or disable the rule.
- As an option, you can create a disabled rule, and then at a later time, you can enable the rule.
- Under Rule Type, select WAF.
- Next to If:
- For an IP range:
- In the first drop-down menu, select IP range.
- In the next drop-down menu:
- To apply the rule only to the specified IP range, select --.
- To apply the rule to every IP address except for the specified IP range, select Not.
- In the next drop-down menu, enter the first address of the range.
- In the next drop-down menu, enter the last address of the range.
- For a single or multiple IP addresses:
- In the first drop-down menu, select IP.
- In the next drop-down menu:
- To apply the rule only to the specified IP address, select --.
- To apply the rule to every IP address except for the specified IP address, select Not.
- In the field, enter the IP address to allow or to block.
- To enter multiple IP addresses, separate each address with a comma.
- You cannot enter a subnet.
- Next to Then, select Allow or Block.
- Click Save Rule.
(Non-advanced users) Allow or block an IP address with the IP firewall editor
- In the StackPath Control Portal, in the left-side navigation menu, click Sites.
- Locate and select the desired site.
- This action will refresh the portal.
- In the left-side navigation menu, click Firewall.
- To allow or block an IP address or IP address range, in Allowed IPs or Block IPs, click the corresponding Add IP/IP Range.
- In the first field, enter an IP address.
- You cannot enter a subnet.
- To add an IP address range, in the first field, enter the first address of the range.
- In the second field, enter the last address of the range.
- Enter a brief description, and then click Save.
This rule will display in both the Firewall screen and the EdgeRules screen, specifically under the Custom Rules section. In Custom Rules, the rule will display as an if / then condition. You can use this information to understand how to create rules with the more advanced WAF rule editor.
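Because neither editor accepts a subnet, an allowlist or blocklist kept in CIDR notation has to be converted to single addresses and first / last ranges before it is entered. The following is an added example, not StackPath code: the function name `to_portal_entries` and the sample list are hypothetical, and IPv4 input is assumed.

```python
import ipaddress

# Constructed sample input (RFC 5737 documentation addresses).
SAMPLE = [
    "203.0.113.7", "203.0.113.9", "203.0.113.7/32",
    "198.51.100.0/25", "198.51.100.128/25",
    "192.0.2.64/26", "192.0.2.128/25",
]

def to_portal_entries(items):
    """Return (comma_separated_single_ips, [(first, last), ...])."""
    spans = []
    for raw in items:
        # IPv4Network rejects IPv6 and, in its default strict mode, subnets
        # with host bits set (e.g. 192.0.2.70/26), so typos fail loudly
        # instead of silently widening or shifting a rule.
        net = ipaddress.IPv4Network(raw.strip())
        spans.append((int(net[0]), int(net[-1])))

    # Merge duplicate, overlapping and directly adjacent spans so the
    # result needs as few rules as possible. A first / last range does not
    # have to be CIDR-aligned, so plain interval merging is enough.
    merged = []
    for lo, hi in sorted(spans):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])

    singles, ranges = [], []
    for lo, hi in merged:
        first, last = ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi)
        if lo == hi:
            singles.append(str(first))   # goes in the comma-separated IP field
        else:
            ranges.append((str(first), str(last)))  # one IP range rule each
    return ",".join(singles), ranges

if __name__ == "__main__":
    ips, ranges = to_portal_entries(SAMPLE)
    print("IP field:", ips)
    for first, last in ranges:
        print("IP range:", first, "to", last)
```

Review the merged ranges before saving them as Allow rules, since merging adjacent subnets produces one wider rule in place of several narrow ones.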
Update or delete an IP rule with the IP firewall editor
- In the StackPath Control Portal, in the left-side navigation menu, click Sites.
- Locate and select the desired site.
- This action will refresh the portal.
- In the left-side navigation menu, click Firewall.
- Locate the desired rule.
- To enable or disable a rule, under Status, move the slider to enable or disable the rule.
- To edit or delete a rule, under Action, click the corresponding ellipses, click Edit or Delete, make your changes, and then confirm your changes.
Enable or disable an IP rule with the WAF rule editor
To enable or disable an IP rule, you must use the WAF rule editor. You cannot enable or disable an IP rule with the IP firewall editor.
- In the StackPath Control Portal, in the left-side navigation menu, click Sites.
- Locate and select the desired site.
- This action will refresh the portal.
- In the left-side navigation menu, click EdgeRules.
- Navigate to Custom Rules.
- Under Status, move the slider to enable or disable the rule.