Disabling IP Address Blocking for the Wallarm Scanner¶
Note that if you use the blocking mode of the filter node (the
wallarm_mode directive) by default when detecting malicious requests, you must explicitly specify for the Wallarm scanner a list of IP addresses from which requests should not be blocked.
Suppose the following blocking settings are set in the NGINX configuration file:
off directive is used keep each IP address reserved for the Wallarm scanner from being blocked.
The Wallarm Scanner IP Addresses
Lists of the IP addresses for the scanner:
To avoid overloading the NGINX configuration file, you can make a list of the IP addresses for the scanner in a separate file and then add its contents to the configuration file using the
For example, create the
Now use the
include directive to include this list in the required block of the configuration file:
Using Additional Traffic Filtering Facilities
Note that if you use additional facilities (software or hardware) to automatically filter and block traffic, it is also recommended that you configure an allowlist with the IP addresses for the Wallarm scanner.