IP addresses whitelist

A whitelist is a list of trusted IP addresses that are allowed to access your applications even if requests originating from them contain attack signs. Since the whitelist has the highest priority among the lists, the filtering node in any filtration mode will not block requests originating from whitelisted IP addresses.

In the Wallarm Console → IP lists → Whitelist, you can manage whitelisted IP addresses as follows:

  • Add a single IP address or a subnet

  • Add a group of IP addresses registered in a specific country, data center, network, etc.

  • Customize the time and reason for storing the IP address in the list

  • Delete an IP address from the list

  • Review the history of list changes

IP whitelisting support

IP whitelisting is supported starting with the regular (client) Wallarm node of version 3.0.

Examples of IP whitelist usage

  • To search for vulnerabilities in the system, you can use Wallarm Vulnerability Scanner. The Scanner sends malicious requests to your application addresses and analyzes application responses. If Scanner IP addresses are not whitelisted, the filtering node can block requests sent by Scanner. To allow Wallarm components to seamlessly scan your resources for vulnerabilities, it is necessary to whitelist Scanner IP addresses.

    Starting with Wallarm node 3.0, Wallarm automatically whitelists Scanner IP addresses.

  • If you use other trusted tools that send potentially malicious requests, you need to manually add the source IPs of these tools to the whitelist.

Adding an object to the list

To add an IP address, subnet, or group of IP addresses to the list:

  1. Click the Add object button.

  2. Specify an IP address or group of IP addresses in one of the following ways:

    • Input a single IP address or a subnet
    • Select a country (geolocation) to add all IP addresses registered in this country
    • Select a source to add all IP addresses that belong to this source:
      • Tor for IP addresses of the Tor network
      • Proxy for IP addresses of public or web proxy servers
      • VPN for IP addresses of virtual private networks
      • AWS for IP addresses registered in Amazon AWS
      • Azure for IP addresses registered in Microsoft Azure
      • GCP for IP addresses registered in Google Cloud Platform
  3. Select the period for which an IP address or a group of IP addresses should be added to the list. The minimum value is 5 minutes, the maximum value is forever.

  4. Specify the reason for adding an IP address or a group of IP addresses to the list.

  5. Confirm adding an IP address or a group of IP addresses to the list.

Analyzing objects added to the list

The Wallarm Console displays the following data on each object added to the list:

  • Object - IP address, subnet, country or IP source added to the list.

  • Application - application to which access configuration of the object is applied. Since applying the object access configuration to specific applications is limited, this column always displays the value All.

  • Source - source of a single IP address or subnet:

    • Country (geolocation) where a single IP address or subnet is registered
    • Data center where a single IP address or subnet is registered: AWS for Amazon, GCP for Google Cloud Platform, Azure for Microsoft Azure
    • Tor for IP address of the Tor network
    • Proxy for IP address of public or web proxy servers
    • VPN for IP addresses of virtual private networks
  • Reason - reason for adding an IP address or a group of IP addresses to the list. The reason is manually specified when adding objects to the list or automatically generated when IPs are added to the list by triggers.

  • Adding date - date and time when an object was added to the list.

  • Remove - time period after which an object will be deleted from the list.
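
Because whitelisted objects are never blocked, the columns above are worth reviewing periodically. The following is an added example, not Wallarm code: it audits constructed records whose keys are hypothetical names mirroring the Console columns, and the subnet-size and lifetime thresholds are assumed policy values.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample records. Keys mirror the Console columns (Object, Reason,
# Adding date, Remove); they are hypothetical, not a Wallarm export format.
ENTRIES = [
    {"object": "203.0.113.7", "reason": "External pentest, ticket SEC-1",
     "added": "2024-05-01T09:00", "remove": "2024-05-08T09:00"},
    {"object": "10.20.0.0/16", "reason": "",
     "added": "2024-05-01T09:00", "remove": None},  # None = "forever"
    {"object": "Tor", "reason": "load test",
     "added": "2024-05-01T09:00", "remove": "2024-08-01T09:00"},
]

ANONYMIZING = {"Tor", "Proxy", "VPN"}   # source groups named on this page
MAX_ADDRESSES = 256                     # assumed policy: nothing wider than a /24
MAX_LIFETIME = timedelta(days=30)       # assumed policy


def audit(entry):
    """Return a list of findings for one whitelist record."""
    findings = []
    obj = entry["object"]
    try:
        net = ipaddress.ip_network(obj, strict=False)
        if net.num_addresses > MAX_ADDRESSES:
            findings.append("broad-subnet")
    except ValueError:
        # Not an IP or subnet, so the object is a country or a source group.
        findings.append("anonymizing-source" if obj in ANONYMIZING else "group-object")
    if not entry["reason"].strip():
        findings.append("no-reason")
    if entry["remove"] is None:
        findings.append("never-expires")
    else:
        lifetime = (datetime.fromisoformat(entry["remove"])
                    - datetime.fromisoformat(entry["added"]))
        if lifetime > MAX_LIFETIME:
            findings.append("long-lived")
    return findings


if __name__ == "__main__":
    for e in ENTRIES:
        print(e["object"], audit(e) or "ok")
```
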

Filtering the list

You can filter the objects in the list by:

  • IP address or subnet specified in the search string

  • Period for which you want to get the status of the list

  • Country in which an IP address or a subnet is registered

  • Source to which an IP address or a subnet belongs

Changing the time that an object is on the list

To change the time that an IP address is on the list:

  1. Select an object from the list.

  2. Click Change time period.

  3. Select a new date for removing an object from the list and confirm the action.

Deleting an object from the list

To delete an object from the list:

  1. Select one or several objects from the list.

  2. Click Delete.