Blocking a specific IP using WAF

A custom WAF rule can be crafted to block or blacklist a particular IP address. This is useful if there is a need to temporarily or permanently block an IP address.

In a text editor, create a file named, for example, block_ip_rule.conf and populate it with the text below. The IP address, rule name, and rule ID are examples only and can be changed to fit the end user's needs.

 

# ---------------------------------------------------------------
# Blocks all access from IP 10.0.30.107
# ---------------------------------------------------------------
#
# The rule in this file will block and log all requests from the IP.

SecRule REMOTE_ADDR "@ipMatch 10.0.30.107" "id:'99999',phase:1,t:none,block,log,msg:'IP Block Rule'"

 

Notes:

Customer-generated rules should use the rule ID range of 1-99999. The use of numbers above 99999 will cause conflicts.

@ipMatch can also take a comma-separated list combining individual IPs and/or networks.

For example:

@ipMatch 1.2.0.0/16,5.6.7.8,127.0.0.0/8
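
The following Python helper is an added example, not part of the original article or the WAF product. It validates a list of IPs and networks and the rule ID range from the notes above, then renders a rule in the same form as the example rule; the function names are assumptions made for this illustration.

```python
import ipaddress

MAX_CUSTOM_RULE_ID = 99999  # customer rule ID range from the article's note: 1-99999


def normalize_entry(entry):
    """Return a validated IP or CIDR string suitable for an @ipMatch list."""
    entry = entry.strip()
    if "/" in entry:
        # strict=True rejects entries with host bits set (e.g. 10.0.30.107/24),
        # which usually means the wrong prefix length was typed.
        net = ipaddress.ip_network(entry, strict=True)
        if net.prefixlen == 0:
            raise ValueError(f"{entry} would match every client")
        return str(net)
    return str(ipaddress.ip_address(entry))


def build_block_rule(entries, rule_id, msg="IP Block Rule"):
    """Render a block rule in the same form as the article's example rule."""
    if not 1 <= rule_id <= MAX_CUSTOM_RULE_ID:
        raise ValueError(f"rule ID {rule_id} is outside 1-{MAX_CUSTOM_RULE_ID}")
    if "'" in msg or '"' in msg:
        raise ValueError("msg must not contain quote characters")
    seen = []
    for entry in entries:
        value = normalize_entry(entry)
        if value not in seen:  # drop duplicates, keep the original order
            seen.append(value)
    if not seen:
        raise ValueError("no addresses given")
    ip_list = ",".join(seen)
    return (
        f'SecRule REMOTE_ADDR "@ipMatch {ip_list}" '
        f"\"id:'{rule_id}',phase:1,t:none,block,log,msg:'{msg}'\""
    )


if __name__ == "__main__":
    # Constructed sample input: the article's addresses plus one duplicate.
    sample = ["10.0.30.107", "1.2.0.0/16", "5.6.7.8", "10.0.30.107"]
    print(build_block_rule(sample, 99999))
```

Redirect the output into block_ip_rule.conf, or paste it in, once the list validates cleanly.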

 

 
