IP address allowlist

The allowlist is a list of trusted IP addresses that are allowed to access your applications even if requests originating from them contain attack signs. Since the allowlist has the highest priority among the IP lists, the filtering node in any filtration mode will not block requests originating from allowlisted IP addresses.

In Wallarm Console → IP lists → Allowlist, you can manage allowlisted IP addresses as follows:

  • Add a single IP address or a subnet

  • Add a group of IP addresses registered in a specific country/region, data center, network, etc.

  • Customize the time and reason for storing the IP address in the list

  • Delete IP address from the list

  • Review the history of list changes

Old name of the list

The old name of the IP address allowlist is "IP address whitelist".

Examples of IP allowlist usage

If you use other trusted tools that originate potentially malicious requests, it is necessary to manually add source IPs of these tools to the allowlist.

Adding an object to the list

Adding an IP address to the list on the multi-tenant node

If you have installed the multi-tenant node, first switch to the account of the tenant for which the IP address is being added to the list.

To add an IP address, subnet, or group of IP addresses to the list:

  1. Open Wallarm Console → IP lists → Allowlist and click the Add object button.

  2. From the drop-down list, select the list to add the new object to.

  3. Specify an IP address or group of IP addresses in one of the following ways:

    • Input a single IP address or a subnet

      Supported subnet masks

      The supported maximum subnet mask is /32 for IPv6 addresses and /12 for IPv4 addresses.

    • Select a country or a region (geolocation) to add all IP addresses registered in this country or region

    • Select the source type to add all IP addresses that belong to this type, e.g.:

  4. Select the applications to which you allow or restrict access for the specified IP addresses.

  5. Select the period for which an IP address or a group of IP addresses should be added to the list. The minimum value is 5 minutes, the maximum value is forever.

  6. Specify the reason for adding an IP address or a group of IP addresses to the list.

API calls to get, populate and delete IP list objects

In addition to using the Wallarm Console UI, you can call the Wallarm API directly to get, populate and delete IP list objects. Below are some examples of the corresponding API calls.

API request parameters

Parameters to be passed in the API requests to read and change IP lists:

Parameter: Description

  • X-WallarmApi-Token: Token to access Wallarm API, copy it from Wallarm Console → Settings → API tokens.

  • clientid: ID of an account in Wallarm Cloud to populate/read IP list.

  • ip_rule.list: The IP list type to add objects to, can be: black (for denylist), white (for allowlist), gray (for graylist).

  • ip_rule.rule_type: The type of objects to add to the list:

    • ip_range if adding particular IPs or subnets

    • country if adding countries or regions

    • proxy_type if adding proxy services (VPN, SES, PUB, WEB, TOR)

    • datacenter for other source types (rackspace, tencent, plusserver, ovh, oracle, linode, ibm, huawei, hetzner, gce, azure, aws, alibaba)

  • ip_rule.subnet (rule_type:"ip_range"): IP or subnet to add to the list, e.g. "1.1.1.1".

  • ip_rule.source_values (for other rule_type values): One of the options:

    • If rule_type:"country" - array of countries in the ISO-3166 format, e.g. ["AX","AL"].

    • If rule_type:"proxy_type" - array of proxy services, e.g. ["VPN","PUB"].

    • If rule_type:"datacenter" - array of other source types, e.g. ["rackspace","huawei"].

  • ip_rule.pools: Array of application IDs to allow or restrict access for IPs, e.g. [3,4] for application IDs 3 and 4 or [0] for all applications.

  • ip_rule.expired_at: Unix timestamp of the date when the IPs are to be removed from the list. The maximum value is forever (33223139044).

  • reason: Reason to allow or restrict access for IPs.

  • force: If true and some objects specified in the request are already in the IP list, the script will overwrite them.

Add to the list the entries from the .csv file

To add to the list the IPs or subnets from the .csv file, use the following bash script:

US Cloud:

#!/bin/bash

TOKEN="<YOUR_TOKEN>" # API token from Wallarm Console → Settings → API tokens
CLIENT="<YOUR_CLIENT_ID>"
LIST="<TYPE_OF_IP_LIST>"
PATH_TO_CSV_FILE="<PATH_TO_CSV_FILE>" # path to the CSV file with IPs or subnets
APPLICATIONS="<APP_IDS_THROUGH_COMMA>"
REMOVE_DATE="<TIMESTAMP_REMOVE_DATE>" # number of seconds from now; added to the current Unix time below
REASON='<REASON>'
API="us1.api.wallarm.com"

# Read the file line by line (one IP or subnet per line), skipping empty lines.
# Values are inserted into the JSON body as is, so the file must contain only IPs or subnets.
subnets=()
while IFS= read -r line || [ -n "$line" ]; do
    [ -n "$line" ] && subnets+=("$line")
done < "$PATH_TO_CSV_FILE"

for i in "${subnets[@]}"; do
    # expired_at = current Unix time + REMOVE_DATE
    currentDate=$(date -u +%s)
    remove_date=$((currentDate + REMOVE_DATE))

    # One POST request per IP or subnet
    curl -X POST "https://$API/v4/ip_rules" \
        -H "Content-Type: application/json" \
        -H "X-WallarmApi-Token: $TOKEN" \
        -d '{
"clientid": '"$CLIENT"',
"ip_rule": {
    "list": "'"$LIST"'",
    "rule_type": "ip_range",
    "subnet": "'"$i"'",
    "expired_at": '"$remove_date"',
    "pools": [
        '"$APPLICATIONS"'
    ],
    "reason": "'"$REASON"'"
},
"force": false
}'

done

EU Cloud:

#!/bin/bash

TOKEN="<YOUR_TOKEN>" # API token from Wallarm Console → Settings → API tokens
CLIENT="<YOUR_CLIENT_ID>"
LIST="<TYPE_OF_IP_LIST>"
PATH_TO_CSV_FILE="<PATH_TO_CSV_FILE>" # path to the CSV file with IPs or subnets
APPLICATIONS="<APP_IDS_THROUGH_COMMA>"
REMOVE_DATE="<TIMESTAMP_REMOVE_DATE>" # number of seconds from now; added to the current Unix time below
REASON='<REASON>'
API="api.wallarm.com"

# Read the file line by line (one IP or subnet per line), skipping empty lines.
# Values are inserted into the JSON body as is, so the file must contain only IPs or subnets.
subnets=()
while IFS= read -r line || [ -n "$line" ]; do
    [ -n "$line" ] && subnets+=("$line")
done < "$PATH_TO_CSV_FILE"

for i in "${subnets[@]}"; do
    # expired_at = current Unix time + REMOVE_DATE
    currentDate=$(date -u +%s)
    remove_date=$((currentDate + REMOVE_DATE))

    # One POST request per IP or subnet
    curl -X POST "https://$API/v4/ip_rules" \
        -H "Content-Type: application/json" \
        -H "X-WallarmApi-Token: $TOKEN" \
        -d '{
"clientid": '"$CLIENT"',
"ip_rule": {
    "list": "'"$LIST"'",
    "rule_type": "ip_range",
    "subnet": "'"$i"'",
    "expired_at": '"$remove_date"',
    "pools": [
        '"$APPLICATIONS"'
    ],
    "reason": "'"$REASON"'"
},
"force": false
}'

done
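
The bash script sends every line of the file to the API unchecked. The following added example (not part of the Wallarm documentation) validates the entries first and builds the same request bodies with a JSON serializer; the function names and sample data are hypothetical, and it assumes the subnet limits (/12 for IPv4, /32 for IPv6) and the 5-minute minimum period stated for the Console also apply to API requests.

```python
import ipaddress
import json

FOREVER = 33223139044        # "forever" value of ip_rule.expired_at from the parameter list
MIN_TTL = 5 * 60             # minimum period stated for the Console (assumed for the API too)
MIN_PREFIX = {4: 12, 6: 32}  # widest supported subnets per the page: /12 (IPv4), /32 (IPv6)
LISTS = {"black", "white", "gray"}

# Constructed sample input: one entry per line, as in the file the script reads.
SAMPLE_CSV = '192.0.2.10\n198.51.100.0/24\n10.0.0.0/8\n203.0.113.5"\n\n2001:db8::/32\nnot-an-ip\n'


def build_payloads(lines, client_id, list_type, app_ids, ttl_seconds, reason, now):
    """Return (payloads, rejected): one request body dict per valid entry."""
    if list_type not in LISTS:
        raise ValueError(f"unknown list type: {list_type!r}")
    if ttl_seconds < MIN_TTL:
        raise ValueError("storage period is shorter than 5 minutes")
    expired_at = min(now + ttl_seconds, FOREVER)
    payloads, rejected = [], []
    for raw in lines:
        entry = raw.strip()
        if not entry:
            continue  # skip blank lines
        try:
            net = ipaddress.ip_network(entry)  # strict: host bits set -> ValueError
        except ValueError as exc:
            rejected.append((entry, str(exc)))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((entry, f"wider than /{MIN_PREFIX[net.version]}"))
            continue
        single = net.prefixlen == net.max_prefixlen  # a host address is sent bare
        payloads.append({
            "clientid": client_id,
            "force": False,
            "ip_rule": {
                "list": list_type,
                "rule_type": "ip_range",
                "subnet": str(net.network_address) if single else str(net),
                "pools": list(app_ids),
                "expired_at": expired_at,
                "reason": reason,
            },
        })
    return payloads, rejected


def to_body(payload):
    """Serialize with json.dumps so quotes in a value cannot change the JSON structure."""
    return json.dumps(payload)
```

Review the rejected entries before importing, especially for the allowlist: requests from allowlisted addresses are never blocked, so an unintended or overly wide subnet widens that exemption.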

Add to the list a single IP or subnet

To add particular IPs or subnets to the IP list, send the following request for each IP/subnet:

US Cloud:

curl 'https://us1.api.wallarm.com/v4/ip_rules' \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>' \
  -H "accept: application/json" \
  -H "Content-Type: application/json" \
  --data-raw '{"clientid":<YOUR_CLIENT_ID>,"force":false,"ip_rule":{"list":"<TYPE_OF_IP_LIST>","reason":"<REASON_TO_ADD_ENTRIES_TO_LIST>","pools":[<ARRAY_OF_APP_IDS>],"expired_at":<TIMESTAMP_REMOVE_DATE>,"rule_type":"ip_range","subnet":"<IP_OR_SUBNET>"}}'

EU Cloud:

curl 'https://api.wallarm.com/v4/ip_rules' \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>' \
  -H "accept: application/json" \
  -H "Content-Type: application/json" \
  --data-raw '{"clientid":<YOUR_CLIENT_ID>,"force":false,"ip_rule":{"list":"<TYPE_OF_IP_LIST>","reason":"<REASON_TO_ADD_ENTRIES_TO_LIST>","pools":[<ARRAY_OF_APP_IDS>],"expired_at":<TIMESTAMP_REMOVE_DATE>,"rule_type":"ip_range","subnet":"<IP_OR_SUBNET>"}}'

Add to the list multiple countries

US Cloud:

curl 'https://us1.api.wallarm.com/v4/ip_rules' \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>' \
  -H "accept: application/json" \
  -H "Content-Type: application/json" \
  --data-raw '{"clientid":<YOUR_CLIENT_ID>,"ip_rule":{"list":"<TYPE_OF_IP_LIST>","rule_type":"country","source_values":[<ARRAY_OF_COUNTRIES_REGIONS>],"pools":[<ARRAY_OF_APP_IDS>],"expired_at":"<TIMESTAMP_REMOVE_DATE>","reason":"<REASON_TO_ADD_ENTRIES_TO_LIST>"},"force":false}'

EU Cloud:

curl 'https://api.wallarm.com/v4/ip_rules' \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>' \
  -H "accept: application/json" \
  -H "Content-Type: application/json" \
  --data-raw '{"clientid":<YOUR_CLIENT_ID>,"ip_rule":{"list":"<TYPE_OF_IP_LIST>","rule_type":"country","source_values":[<ARRAY_OF_COUNTRIES_REGIONS>],"pools":[<ARRAY_OF_APP_IDS>],"expired_at":"<TIMESTAMP_REMOVE_DATE>","reason":"<REASON_TO_ADD_ENTRIES_TO_LIST>"},"force":false}'

Add to the list multiple proxy services

US Cloud:

curl 'https://us1.api.wallarm.com/v4/ip_rules' \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>' \
  -H "accept: application/json" \
  -H "Content-Type: application/json" \
  --data-raw '{"clientid":<YOUR_CLIENT_ID>,"ip_rule":{"list":"<TYPE_OF_IP_LIST>","rule_type":"proxy_type","source_values":[<ARRAY_OF_PROXY_SERVICES>],"pools":[<ARRAY_OF_APP_IDS>],"expired_at":"<TIMESTAMP_REMOVE_DATE>","reason":"<REASON_TO_ADD_ENTRIES_TO_LIST>"},"force":false}'

EU Cloud:

curl 'https://api.wallarm.com/v4/ip_rules' \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>' \
  -H "accept: application/json" \
  -H "Content-Type: application/json" \
  --data-raw '{"clientid":<YOUR_CLIENT_ID>,"ip_rule":{"list":"<TYPE_OF_IP_LIST>","rule_type":"proxy_type","source_values":[<ARRAY_OF_PROXY_SERVICES>],"pools":[<ARRAY_OF_APP_IDS>],"expired_at":"<TIMESTAMP_REMOVE_DATE>","reason":"<REASON_TO_ADD_ENTRIES_TO_LIST>"},"force":false}'

Delete an object from the IP list

Objects are deleted from IP lists by their IDs.

To get an object ID, request the IP list contents and copy objects.id of the required object from the response:

US Cloud:

curl 'https://us1.api.wallarm.com/v4/ip_rules?filter%5Bclientid%5D=<YOUR_CLIENT_ID>&filter%5Blist%5D=<TYPE_OF_IP_LIST>&offset=0&limit=50' \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>'

EU Cloud:

curl 'https://api.wallarm.com/v4/ip_rules?filter%5Bclientid%5D=<YOUR_CLIENT_ID>&filter%5Blist%5D=<TYPE_OF_IP_LIST>&offset=0&limit=50' \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>'

Having the object ID, send the following request to delete it from the list:

US Cloud:

curl 'https://us1.api.wallarm.com/v4/ip_rules' \
  -X 'DELETE' \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>' \
  -H 'accept: application/json' \
  -H 'content-type: application/json' \
  --data-raw '{"filter":{"clientid":<YOUR_CLIENT_ID>,"id":[<OBJECT_ID_TO_DELETE>]}}'

EU Cloud:

curl 'https://api.wallarm.com/v4/ip_rules' \
  -X 'DELETE' \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>' \
  -H 'accept: application/json' \
  -H 'content-type: application/json' \
  --data-raw '{"filter":{"clientid":<YOUR_CLIENT_ID>,"id":[<OBJECT_ID_TO_DELETE>]}}'

You can delete multiple objects at once by passing their IDs as an array in the deletion request.