Skip to content

Management of IP Addresses Blocking

Info

Wallarm’s version of Kubernetes Ingress controller is based on the community-supported NGINX Ingress controller for Kubernetes, so the majority of recommendations found in the official Ingress controller documentation and in the public Internet are also applicable to the Wallarm’s Ingress controller.

Recommended reading:

After enabling the IP blocking functionality the WAF will provide the following additional features:

  • If the WAF detects at least three different attack vectors from an IP address the address is automatically added to the blacklist and blocked for 1 hour. If a similar behavior from the same IP address is detected again the IP is blocked for 2 hours, etc.

  • Ability to manage the blacklist of IPs from your Wallarm account UI.

  • Ability to use Wallarm to protect against behavior-based attacks such as brute-force, path traversal attacks or forced browsing.

To enable the IP blocking functionality in the Ingress controller, please follow the instructions below:

  1. Upgrade Wallarm Ingress controller Helm chart to version 1.7.0 or later from the GitHub repository (including the values.yaml file).

  2. Open the ingress-chart/wallarm-ingress/values.yaml file of updated Helm chart version and set the controller.wallarm.acl.enabled attribute to true:

    controller:
        wallarm:
            acl:
                enabled: true
    

  3. Apply updates to an existing Wallarm Ingress controller using the following command:

    helm upgrade INGRESS_CONTROLLER_NAME VALUES_YAML_FOLDER --reuse-values
    

    • INGRESS_CONTROLLER_NAME is the name of an existing Wallarm Ingress controller,
    • VALUES_YAML_FOLDER is the path to the folder with updated values.yaml.

    Synchronization of IP blocking blacklist data between the Ingress controller and Wallarm cloud is enabled.

  4. Enable the IP blocking functionality for your Ingress using the following command:

    kubectl annotate ingress YOUR_INGRESS_NAME nginx.ingress.kubernetes.io/wallarm-acl=on
    

    • YOUR_INGRESS_NAME is the name of your Ingress.

To disable the functionality, please use the similar command with the off value:

kubectl annotate ingress YOUR_INGRESS_NAME nginx.ingress.kubernetes.io/wallarm-acl=off