Blocking Part of a Website

You can enable blocking of a part of a website by using the Wallarm-NGINX configuration file.

To enable blocking, use the directives:

  • location – an NGINX directive.
  • wallarm_mode block – a Wallarm directive.

Configuring blocking of a part of a website:

  1. Open for editing the configuration file in the /etc/nginx-wallarm directory.
  2. Set the blocking rules in the $wallarm_mode_real variable and the location to apply the rules in the location block:

     http {
         ...
         geo $wallarm_mode_real { 
             default block;
             1.1.1.1/24 monitoring;
             2.2.2.2 off;
         }
         ...
         server {
             ...
             location /<some_location>/ { 
                 wallarm_mode $wallarm_mode_real;
             }
         } 
     }
    

    The blocking rules in the $wallarm_mode_real variable apply to requests that target URLs containing /some_location/ as substrings:

    • default block — by default, process all the requests and block all the attacks;
    • 1.1.1.1/24 monitoring — process all the requests coming from an IP-address from the «1.1.1.1» — «1.1.1.254» pool, but do not block any, even if an attack is detected;
    • 2.2.2.2 off — do not filter any requests coming from the «2.2.2.2» IP-address.

Disable Blocking of the Wallarm Scanner IP Addresses

Note that if you use the blocking mode by default (default block;) when detecting malicious requests, you must explicitly specify for the Wallarm scanner a list of IP addresses from which requests should not be blocked.

You can read more about disabling the blocking mode for scanner IP addresses here.

results matching ""

    No results matching ""