Blocking by IP Address
Typically, blocking malicious requests on a request‑by‑request basis is preferable to blocking by IP address. However, in some cases, using IP denylists is necessary.
IP denylists should be used in the following cases:
- There is a need to reduce system load that was caused by the analysis of malicious requests.
- Traffic processing is performed asynchronously.
- There are extra resources that are not protected with Wallarm.
Blocking Methods
All methods have advantages and disadvantages.
Blocking with Wallarm Web Interface
This is the most intuitive method: it gives the user a convenient graphical interface to view and modify the denylist.
Blocking with NGINX
This method is the most resource‑intensive one. However, it allows customizing the message that the user sees when the request is blocked.
Blocking by iptables
This method does not allow you to configure the error message, but it affects server performance less.
Blocking by External Firewall
This method does not create any load on the server but requires additional integration between the denylist and the firewall.
Excluding the Wallarm Scanner from IP Address Blocking
Please note that if you use additional facilities (software or hardware) to automatically filter and block traffic, you should add the scanner's IP addresses to the allowlist of the corresponding filtering facility so that the Wallarm scanner can freely check your resources for vulnerabilities.
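One way to apply this when the filtering facility is an iptables denylist, as an added example that is not part of the Wallarm documentation: the script carves every scanner range out of the denylist entries before emitting DROP rules and reports which entries conflicted. The addresses are constructed from documentation ranges (not the real scanner addresses), the function names are hypothetical, and only IPv4 is handled.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation ranges), NOT real scanner addresses.
SCANNER_ALLOWLIST = ["192.0.2.16/28", "198.51.100.7/32"]
DENYLIST = ["192.0.2.0/24", "203.0.113.45/32", "198.51.100.7/32"]


def carve_out(denied, allowed):
    """Return the parts of network `denied` that overlap no network in `allowed`."""
    remaining = [denied]
    for allow in allowed:
        next_remaining = []
        for net in remaining:
            if not net.overlaps(allow):
                next_remaining.append(net)      # untouched by this allowlist entry
            elif net.subnet_of(allow):
                continue                        # fully inside the allowlist: drop it
            else:
                # allow lies strictly inside net: keep everything except that part
                next_remaining.extend(net.address_exclude(allow))
        remaining = next_remaining
    return sorted(remaining)


def build_rules(denylist, allowlist):
    """Return (iptables commands, denylist entries that collided with the allowlist).

    ACCEPT rules for the scanner are appended first, so they match before any DROP.
    """
    allowed = [ipaddress.IPv4Network(a) for a in allowlist]
    rules = [f"iptables -A INPUT -s {a} -j ACCEPT" for a in allowed]
    conflicts = []
    for entry in denylist:
        denied = ipaddress.IPv4Network(entry)
        kept = carve_out(denied, allowed)
        if kept != [denied]:
            conflicts.append(entry)             # entry would have blocked the scanner
        rules.extend(f"iptables -A INPUT -s {n} -j DROP" for n in kept)
    return rules, conflicts


if __name__ == "__main__":
    rules, conflicts = build_rules(DENYLIST, SCANNER_ALLOWLIST)
    print("\n".join(rules))
    for entry in conflicts:
        print(f"# denylist entry {entry} overlapped the scanner allowlist and was adjusted")
```
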
Lists of the IP addresses of the scanner: