Overview
StackPath allows you to blacklist traffic that originates from well-known malicious IP addresses. StackPath's Central Security Cloud constantly collects, updates, and validates these IP addresses using multiple sources. These IP addresses are blacklisted and published to all StackPath Service Nodes. With this information, you can decide to block, challenge, or allow traffic from highly suspect entities.
Below is a list of the common IP address traffic that has a potentially malicious impact on customer sites:
| Name | Description |
| Traffic via TOR Nodes | TOR nodes are commonly used for web anonymity, but can also be used by hackers, scrapers and spammers to crawl or hack web applications. |
| Traffic via Proxy Networks | Proxy networks are commonly used for web anonymity, but can also be used by hackers, scrapers and spammers to crawl or hack web applications. |
| Traffic from Hosting Services |
Organic human traffic is unlikely to originate from IP spaces belonging to hosting providers, rather, this traffic typically comes from infected servers controlled by hackers. |
| Traffic via a VPN | Virtual Private Networks (VPNs) are commonly used for web anonymity, but can also be used by hackers, scrapers and spammers to crawl or hack web applications. |
| Convicted BOT Traffic |
The IPs identified in this space are used by malicious automated agents (bots) and are not used to serve legitimate traffic. |
| Traffic from Suspicious NAT Ranges | Validate (JavaScript validation) traffic from a high-risk NAT ranges, based on historical web behavior detected by a machine learning classifier. |
| External Reputation Block List |
The IPs on this list are known to be malicious or spam based on data collected from multiple sources. |
| Traffic via CDNs | Organic human traffic is unlikely to originate from IP spaces belonging to CDN Companies. |
These rules are all enabled by default. To enable or disable a protection vector, simply click on the toggle switch to turn it off or on.