Blocking by IP

Supported version

This feature is supported starting with Wallarm Node 2.8.

By default, blocking by IP address is turned off. To turn it on, do the following:

  1. Create the file /etc/nginx-wallarm/conf.d/wallarm-acl.conf:

    wallarm_acl_db default {
        wallarm_acl_path /var/lib/nginx-wallarm/wallarm_acl_default;
        wallarm_acl_mapsize 64m;
    }
    
    server {
      listen 127.0.0.9:80;
    
      server_name localhost;
    
      allow 127.0.0.0/8;
      deny all;
    
      access_log off;
    
      location /wallarm-acl {
        wallarm_acl default;
        wallarm_acl_api on;
      }
    }
    
  2. Turn on blocking for the particular vhosts and/or locations:

    server {
        ...
        wallarm_acl default;
        ...
    }
    
  3. Add the following to /etc/wallarm/node.yaml:

    sync_blacklist:
        nginx_url: http://127.0.0.9/wallarm-acl
    
  4. Activate the synchronisation procedure for the blacklists:

    sed -i -Ee 's/^#(.*sync-blacklist.*)/\1/' /etc/cron.d/wallarm-node-nginx
    
  5. Add IPs to the whitelist if required:

    server {
        ...
        wallarm_acl default;
        allow 1.2.3.4/32;
        satisfy any;
        ...
    }
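
To confirm that steps 1, 3 and 4 took effect and that the ACL API server is still restricted to loopback as in step 1, a check like the following can be run on the node. It is an added example, not part of the Wallarm documentation; the function name `check_acl_setup` is hypothetical, and the default paths are the ones used on this page.

```shell
#!/bin/sh
# Added example: audits steps 1, 3 and 4 of this page. Defaults are the page's
# paths; pass other paths to audit copies. Prints one line per failed check.
check_acl_setup() {
    acl_conf=${1:-/etc/nginx-wallarm/conf.d/wallarm-acl.conf}
    node_yaml=${2:-/etc/wallarm/node.yaml}
    cron_file=${3:-/etc/cron.d/wallarm-node-nginx}
    rc=0

    # Step 1: the ACL database is declared and the API location is enabled.
    grep -Eq '^[[:space:]]*wallarm_acl_db[[:space:]]+default' "$acl_conf" 2>/dev/null ||
        { echo "FAIL: no 'wallarm_acl_db default' in $acl_conf"; rc=1; }
    grep -Eq '^[[:space:]]*wallarm_acl_api[[:space:]]+on;' "$acl_conf" 2>/dev/null ||
        { echo "FAIL: no 'wallarm_acl_api on;' in $acl_conf"; rc=1; }

    # Step 1: the API server stays loopback-only, as on the page:
    # every listen address is 127.x and "deny all;" is present.
    if grep -E '^[[:space:]]*listen[[:space:]]' "$acl_conf" 2>/dev/null |
        grep -Evq 'listen[[:space:]]+127\.'; then
        echo "FAIL: ACL API server listens on a non-loopback address"; rc=1
    fi
    grep -Eq '^[[:space:]]*deny[[:space:]]+all;' "$acl_conf" 2>/dev/null ||
        { echo "FAIL: no 'deny all;' in $acl_conf"; rc=1; }

    # Step 3: sync_blacklist.nginx_url in node.yaml points at a loopback URL.
    awk '/^sync_blacklist:/ { inb = 1; next }
         /^[^ \t]/         { inb = 0 }
         inb && /nginx_url:[ \t]*http:\/\/127\./ { ok = 1 }
         END { exit !ok }' "$node_yaml" 2>/dev/null ||
        { echo "FAIL: no loopback sync_blacklist nginx_url in $node_yaml"; rc=1; }

    # Step 4: the sync-blacklist cron entry is no longer commented out.
    grep -Eq '^[^#]*sync-blacklist' "$cron_file" 2>/dev/null ||
        { echo "FAIL: sync-blacklist entry still commented in $cron_file"; rc=1; }

    return "$rc"
}
```

Calling `check_acl_setup` with no arguments audits the default paths and returns non-zero if any check fails. Step 2 is not covered because the vhost files that should carry `wallarm_acl default;` are site-specific.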
    
