In this section we have three lists: a dynamic blacklist, a blacklist and a whitelist. In the dynamic blacklist are added automatically ip´s that reach the max number of hacking attempts established (5 by default). They are blocked during the time specified in the IP blocked time (in seconds) field (600 seconds by default):
In the blacklist we put the ip addresses that are not permitted to access our web site. If any ip in the list tries to access the website, it will obtain a 403 error. With Include in email notifications, we can set if we want to receive and email when a blacklisted ip tries to access our site. If this option is set to 'Yes', we can reach email's limit easily.
In the whitelist we put the ip addresses that will not apply any filter. The ip addresses of this list do not generate any log, so use this list carefully.
Both list use the common ip format (IPv4 and IPv6 Addressing Notation), like this: 192.168.1.40, 2001:13d0::1. We can also specify IPv4 ranges usign the sign as a wildcard: 192.168.1., 192.168.., or a CIDR notation: 192.168.100.14/24 . Ipv6 only allows CIDR notation to specify ranges: 2001:13d0::/29
With the Priority box we can shoose the preference of the previous lists. We can set the order to which the lists will be applied: Dynamic blacklist, blacklist, Whitelist and Geoblock.
For example, suppose we have the following scenario: Blacklist -> 192.160.5. Whitelist -> 188.8.131.52 There´s a conflict because ip 184.108.40.206 is included in the ip range 192.160.5. so if we have an attack from the ip in the whitelist, it will be blocked? The priority box have the response.
If blacklist is stablished in the first field and Whitelist in the second field, the ip will be blocked. If whitelist is stablished in the first field and Blacklist in the second filed, the ip will pass the filters.
If an ip is blocked by the dynamic blacklist or blacklist, the user gets a 403 error page when tries to access the website:
We can export/import Ips. We can also use external IP files, but must have the format: IP,IP,IP (this is comma separated values). No text is allowed.