Blocking by IP

Supported version

This feature is supported starting Wallarm Node 2.8

By default, blocking by IP address is turned off. To activate it, proceed to the following steps:

  1. Create a file named /etc/nginx/conf.d/wallarm-acl.conf with the following content:

    wallarm_acl_db default {
        wallarm_acl_path /var/lib/nginx-wallarm/wallarm_acl_default;
        wallarm_acl_mapsize 64m;
    }
    
    server {
      listen 127.0.0.9:80;
    
      server_name localhost;
    
      allow 127.0.0.0/8;
      deny all;
    
      access_log off;
    
      location /wallarm-acl {
        wallarm_acl default;
        wallarm_acl_api on;
      }
    }
    
  2. Turn on blocking for the particular vhosts and/or locations by adding the following lines to their configuration files:

    server {
        ...
        wallarm_acl default;
        ...
    }
    
  3. Add the following lines to the /etc/wallarm/node.yaml file:

    sync_blacklist:
        nginx_url: http://127.0.0.9/wallarm-acl
    
  4. Activate the blacklist synchronization.

    One way to do this is to uncomment the line containing sync-blacklist as a substring in the /etc/cron.d/wallarm-node-nginx file by removing the # symbol at the beginning of the line.

    You can also do this by running the following command:

     sed -i -Ee 's/^#(.*sync-blacklist.*)/\1/' /etc/cron.d/wallarm-node-nginx
    

    Sed is a stream editor.

    By default sed writes to standard output. The -i option means that the file will be edited in-place.

    The -eE option comprises two options:

    • The -e option means the following:
      • The first non-option parameter will be used as a script to run on the input.
      • The second non-option parameter will be used as an input file.
    • The -E option means that the script following this option uses the extended regular expression syntax.

    The script that follows the options replaces the lines that satisfy the ^#(.*sync-blacklist.*) regular expression with the string that satisfies the subexpression in parenthesis in the /etc/cron.d/wallarm-node-nginx file. The \1 back-reference of the sed command means that the subexpression in the first parenthesis should be used as a replacement.

    The line that satisfies the ^#(.*sync-blacklist.*) regular expression

    • starts with the # symbol.
    • contains sync-blacklist as a substring.

    The replacement for the described line is the substring of this line without the # symbol at the beginning of the line.

    This command uncomments the line that enables the blacklist synchronization. Thus, the blacklist synchronization will be activated.

    You can learn more about sed by proceeding with the link.

  5. You can add IP addresses to the whitelist to skip checking of the blacklist upon receiving a request from them. For example, the following lines in the vhost or location configuration file add the 1.2.3.4/32 IP address pool to its whitelist:

    server {
        ...
        wallarm_acl default;
        allow 1.2.3.4/32;
        satisfy any;
        ...
    }
    

results matching ""

    No results matching ""