Management of IP addresses blocking¶
Other recommendations
Wallarm’s version of the Kubernetes Ingress controller is based on the community-supported NGINX Ingress controller for Kubernetes, so the majority of recommendations found in the official Ingress controller documentation and on the public Internet are also applicable to Wallarm’s Ingress controller.
Recommended reading:
After enabling the IP blocking functionality Wallarm will provide the following additional features:
-
If Wallarm detects at least three different attack vectors from an IP address the address is automatically added to the denylist and blocked for 1 hour. If a similar behavior from the same IP address is detected again the IP is blocked for 2 hours, etc.
-
Ability to manage the denylist of IPs from your Wallarm account UI.
-
Ability to use Wallarm to protect against behavior‑based attacks such as brute-force, path traversal attacks or forced browsing.
To enable the IP blocking functionality in the Ingress controller, please follow the instructions below:
-
Upgrade Wallarm Ingress controller Helm chart to version 1.7.0 or later from the GitHub repository (including the
values.yamlfile). -
Open the
ingress-chart/wallarm-ingress/values.yamlfile of the updated Helm chart version and set thecontroller.wallarm.acl.enabledattribute totrue:
-
Apply updates to an existing Wallarm Ingress controller using the following command:
INGRESS_CONTROLLER_NAMEis the name of an existing Wallarm Ingress controller,VALUES_YAML_FOLDERis the path to the folder with the updatedvalues.yamlfile.
Synchronization of IP blocking denylist data between the Ingress controller and Wallarm cloud is enabled.
-
Enable the IP blocking functionality for your Ingress using the following command:
YOUR_INGRESS_NAMEis the name of your Ingress.
To disable this functionality, please use the same command with the off value: