Follow

How to Allow IP addresses to Bypass Mitigation for DDoS Routed Services

Description

We describe how to allowlist (formerly known as whitelist) source IP addresses to prevent Silverline Routed DDoS services from mitigating / blocking them.

  • Source IP addresses are allowed as exceptions from being potentially blocked by Silverline.
  • Even if the client attached to a allowlisted IP address is marked as suspicious, the client is allowed to bypass the DDoS mitigation logic and permitted to transit to your servers.
  • You can allow IP network prefixes to bypass mitigations.
  • NOTE: The AllowList functionality in portal does not bypass your GRE firewall rules. Firewall ACLs run independently of the mitigation filters and are under customer control. 
    How to Edit / Add Firewall Rules via Portal
  • For DDoS Proxy denylisting, see: How to Denylist IP Addresses for Proxy Services (WAF and DDoS)

 

Environment

  • Silverline DDoS
    • Routed
  • DDoS IP Allowlist

 

Procedure

1. Navigate to Config > IP Management > DDoS IP Allowlists

2. Select the +Add button in the upper right.

3. Enter up to 100 IP addresses or IP prefixes, one per line

  • An IP address is entered in the normal four tuple format. 
  • An example of a prefix would be: 80.20.32.0/24 - This would block any address in the range 80.20.32.1 - 80.20.32.255.
  • DDoS_Whitelist.png

4. Click Save.

 

Important note: It is recommended to redeploy the L7DoS profiles to use updated Allowlist.

 

Related Content

 

 

 

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request