Silverline allows customers to denylist (formerly blacklist) source IP addresses so that traffic from these source IP addresses is always dropped. This article outlines how to denylist IP addresses for Routed services.
- Silverline DDoS
- DDoS IP Denylist
1. In the Portal, navigate to Config > IP Management > IP Denylists
2. This opens the IP Management page on the Denylists tab, which has 2 sub-tabs: Proxy Denylist and Routed Denylist.
Select the Routed Denylist tab. (For adding denylisted IPs to Proxy Services, see Denylisting IP Addresses for Proxy Services.)
3. To add a new Denylist, select the +Add button in the upper right.
4.Enter the IP addresses and/or subnets, one per line, that you wish to denylist.
- You may specify an expiration period, if required.
How to Format the IPs
An IP address is entered in the normal four tuple format. An example of a prefix would be:
126.96.36.199/24 - this would block any address in the range 188.8.131.52 - 184.108.40.206.
Be sure to not add Restricted IP Addresses.
5. Click Save. The drop-down will show 3 choices: Add to Proxy Denylist, Add to Routed Denylist, Add to Proxy and Routed Denylist.
- Choose Add to Routed Denylist to block the specified IPs on your routed services.
- Choose Add to Proxy and Routed Denylist to block the specified IPs on both your routed and proxy services (Only applies if you have both of these services).
- Denylisting IP Addresses for Proxy Services
- Allowlisting IP Addresses for DDoS Routed Services
- Allowlisting IP Addresses for WAF Services