- Silverline allows customers to separately denylist source IP addresses so that traffic from these source IP addresses are always dropped
- This article outlines how to denylist IP addresses for Proxy services, for both WAF and DDoS customers utilizing Silverline proxies.
- Silverline DDoS
- Silverline WAF
- DDoS IP Denylist
These are the steps to configure IP denylisting for Proxy services:
1. In the Portal, navigate to Config > IP Management > IP Denylists
2. This opens the IP Management page on the Proxy Denylists tab, which has 2 sub-tabs: Proxy Denylist and Routed Denylist.
Select the Proxy Denylist tab. (For adding denylisted IPs to Routed Services, see Denylisting IP Addresses for Routed Services (DDoS))
3. To add a new Denylist, select the +Add button in the upper right.
4. The Add Denylist Prefixes screen will load.
- Enter the IP addresses and/or subnets, one per line, that you wish to denylist.
- You may specify an expiration period, if required.
How to Format the IPs
An IP address is entered in the normal four tuple format. Enter only one per line.
An example of a prefix would be:
188.8.131.52/24 - this would block any address in the range 184.108.40.206 - 220.127.116.11.
Be sure to not add Restricted IP Addresses.
5. Click Save. The Save drop-down will show 3 choices: Add to Proxy Denylist, Add to Routed Denylist, Add to Proxy and Routed Denylist.
- Choose Add to Proxy Denylist to block traffic from the specified source IPs to your proxies.
- Choose Add to Proxy and Routed Denylist to block the specified IPs on both your routed and proxy services (Only applies if you have both of these services).
- Denylisting IP Addresses for Routed Services (DDoS)
- Allowlisting IP Addresses for DDoS Routed Services
- Allowlisting IP Addresses for WAF Services