Management of IP Addresses Blocking¶
Wallarm’s version of the Kubernetes Ingress controller is based on the community-supported NGINX Ingress controller for Kubernetes, so the majority of recommendations found in the official Ingress controller documentation and on the public Internet are also applicable to Wallarm’s Ingress controller.
After enabling the IP blocking functionality the WAF will provide the following additional features:
If the WAF detects at least three different attack vectors from an IP address the address is automatically added to the blacklist and blocked for 1 hour. If a similar behavior from the same IP address is detected again the IP is blocked for 2 hours, etc.
Ability to manage the blacklist of IPs from your Wallarm account UI.
To enable the IP blocking functionality in the Ingress controller, please follow the instructions below:
Upgrade Wallarm Ingress controller Helm chart to version 1.7.0 or later from the GitHub repository (including the
ingress-chart/wallarm-ingress/values.yamlfile of the updated Helm chart version and set the
controller: wallarm: acl: enabled: true
Apply updates to an existing Wallarm Ingress controller using the following command:
helm upgrade INGRESS_CONTROLLER_NAME VALUES_YAML_FOLDER --reuse-values
INGRESS_CONTROLLER_NAMEis the name of an existing Wallarm Ingress controller,
VALUES_YAML_FOLDERis the path to the folder with the updated
Synchronization of IP blocking blacklist data between the Ingress controller and Wallarm cloud is enabled.
Enable the IP blocking functionality for your Ingress using the following command:
kubectl annotate ingress YOUR_INGRESS_NAME nginx.ingress.kubernetes.io/wallarm-acl=on
YOUR_INGRESS_NAMEis the name of your Ingress.
To disable this functionality, please use the same command with the
kubectl annotate ingress YOUR_INGRESS_NAME nginx.ingress.kubernetes.io/wallarm-acl=off