How to Denylist IP Addresses for Proxy Services (WAF and DDoS)


  • Silverline allows customers to separately denylist source IP addresses so that traffic from these source IP addresses are always dropped
  • This article outlines how to denylist IP addresses for Proxy services, for both WAF and DDoS customers utilizing Silverline proxies.


  • Silverline DDoS
  • Silverline WAF
  • DDoS IP Denylist 


These are the steps to configure IP denylisting for Proxy services:

1. In the Portal, navigate to Config > IP Management > IP Denylists

2. This opens the IP Management page on the Proxy Denylists tab, which has 2 sub-tabs: Proxy Denylist and Routed Denylist.

Select the Proxy Denylist tab. (For adding denylisted IPs to Routed Services, see Denylisting IP Addresses for Routed Services (DDoS))


3. To add a new Denylist, select the +Add button in the upper right.


4. The Add Denylist Prefixes screen will load.


  • Enter the IP addresses and/or subnets, one per line, that you wish to denylist.
  • You may specify an expiration period, if required.

How to Format the IPs

An IP address is entered in the normal four tuple format. Enter only one per line.

An example of a prefix would be: - this would block any address in the range -

Be sure to not add Restricted IP Addresses.   

5. Click Save. The Save drop-down will show 3 choices: Add to Proxy Denylist, Add to Routed Denylist, Add to Proxy and Routed Denylist.

  • Choose Add to Proxy Denylist to block traffic from the specified source IPs to your proxies.
  • Choose Add to Proxy and Routed Denylist to block the specified IPs on both your routed and proxy services (Only applies if you have both of these services).


Related Content



Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request