Management of IP addresses blocking
Other recommendations
Wallarm’s version of the Kubernetes Ingress controller is based on the community-supported NGINX Ingress controller for Kubernetes, so the majority of recommendations found in the official Ingress controller documentation and on the public Internet are also applicable to Wallarm’s Ingress controller.
Recommended reading:
After enabling the IP blocking functionality, Wallarm provides the following additional features:
- If Wallarm detects at least three different attack vectors from an IP address, the address is automatically added to the denylist and blocked for 1 hour. If similar behavior from the same IP address is detected again, the IP is blocked for 2 hours, etc.
- Ability to manage the denylist of IPs from your Wallarm account UI.
- Ability to use Wallarm to protect against behavior‑based attacks such as brute-force, path traversal attacks or forced browsing.
To enable the IP blocking functionality in the Ingress controller, please follow the instructions below:
- Upgrade the Wallarm Ingress controller Helm chart to version 1.7.0 or later from the GitHub repository (including the values.yaml file).
- Open the ingress-chart/wallarm-ingress/values.yaml file of the updated Helm chart version and set the controller.wallarm.acl.enabled attribute to true:

      controller:
        wallarm:
          acl:
            enabled: true

- Apply updates to an existing Wallarm Ingress controller using the following command:

      helm upgrade INGRESS_CONTROLLER_NAME VALUES_YAML_FOLDER --reuse-values

  INGRESS_CONTROLLER_NAME is the name of an existing Wallarm Ingress controller, VALUES_YAML_FOLDER is the path to the folder with the updated values.yaml file.

  Synchronization of IP blocking denylist data between the Ingress controller and Wallarm cloud is enabled.
- Enable the IP blocking functionality for your Ingress using the following command:

      kubectl annotate ingress YOUR_INGRESS_NAME nginx.ingress.kubernetes.io/wallarm-acl=on

  YOUR_INGRESS_NAME is the name of your Ingress.

To disable this functionality, please use the same command with the off value:

    kubectl annotate ingress YOUR_INGRESS_NAME nginx.ingress.kubernetes.io/wallarm-acl=off
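
IP blocking is switched on per Ingress through the annotation, so an Ingress that never received it is not covered. The script below is an added example, not part of the Wallarm documentation: it lists every Ingress whose nginx.ingress.kubernetes.io/wallarm-acl annotation is not on. The function names, the --cluster switch and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find Ingresses where Wallarm IP blocking is not switched on.

# One "namespace<TAB>name<TAB>annotation value" line per Ingress (needs kubectl).
list_ingress_acl() {
  kubectl get ingress --all-namespaces -o jsonpath='{range .items[*]}{.metadata.namespace}{"\t"}{.metadata.name}{"\t"}{.metadata.annotations.nginx\.ingress\.kubernetes\.io/wallarm-acl}{"\n"}{end}'
}

# Reads those lines on stdin and prints every Ingress whose annotation is
# anything other than "on". Exit status: 0 = all covered, 1 = gaps found.
report_unprotected() {
  awk -F '\t' '
    NF >= 2 {
      state = ($3 == "") ? "missing" : $3
      if (state != "on") {
        printf "%s/%s\twallarm-acl=%s\n", $1, $2, state
        bad++
      }
    }
    END { exit (bad > 0) }
  '
}

# Constructed sample input (hypothetical namespaces and Ingress names).
sample_lines() {
  printf 'prod\tshop\ton\n'
  printf 'prod\tapi\toff\n'
  printf 'staging\tadmin\t\n'
}

# Query the live cluster only when asked to; otherwise define functions only.
if [ "${1:-}" = "--cluster" ]; then
  list_ingress_acl | report_unprotected
fi
```

Run it with --cluster against a real cluster; the non-zero exit status on gaps makes it usable as a scheduled or CI check.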