Allow and block IP addresses in firewall
Our firewall is your first line of protection to block or allow specific IP addresses or IP ranges from reaching your domain. Our firewall rules contain a single condition—either "block" or "allow" an IP. They are quick to implement and easy to adjust as compared to the custom or advanced WAAP rules.
All rules with allowed or blocked IPs appear on the Firewall page.
A rule can appear on this page in one of the following ways:
You manually added an IP address to the allow or block list on the Firewall page.
You’ve created a new rule for the IP address on the Analytics page.
If you want to add a rule for verified bots and crawlers, check our common automated services policy group to see if a similar policy already exists.
Enabling predefined policies gives you immediate protection without further testing and manual adjustments. They are created and optimized to accurately distinguish between legitimate and harmful automated traffic, which reduces the risk of false positives or negatives.
Add IPs to allowlist or blocklist
You can allow and block traffic for both IPv4 and IPv6 addresses. For each address type, you need to create a separate firewall rule:
1. In the Gcore Customer Portal, navigate to WAAP > Domains.
2. Find the needed domain and click its name to open it. You'll be directed to the Policies page.
3. In the sidebar, click Firewall.
4. Navigate to the needed section:
Allow IPs: Permit specific IPs or IP ranges to access your domain without any restrictions or security checks.
Block IPs: Deny IPs or IP ranges access to your domain.
5. Click Add IP/IP Range. To allow or block traffic for an IP range, enter its first and last IP address.
You can specify up to 30 networks in a single range. Subnet masks are not supported.
6. Enter the IP information and provide a description. To add an IP address range, enter the first address and then the last address in the next field.
You can’t add a subnetwork to the IP or IP range.
7. Click Save to add the IP to the list.
Depending on the applied action, the traffic from this IP address will be either allowed or blocked on your domain.
Manage blocked and allowed IPs
You can view, create, and customize rules for blocking IP addresses and ranges on the Firewall page. If you have a large number of rules, you can search by rule description to find the one you need.
Additionally, all blocked and allowed IPs are displayed on the WAAP Rules page, where you can temporarily disable or enable them if necessary.
If you disable a firewall rule on the WAAP Rules page, it will no longer be visible on the Firewall page. Once re-enabled, the rule will appear on the Firewall page automatically.
Update an IP or IP range
If the IP address of a trusted client has changed or you’ve detected new threats within the IP range, you can update the IP address or range accordingly.
Sometimes an IP address may be incorrectly flagged as a threat or become a security risk. In such cases, you can remove the address from the list and apply the necessary security actions.
To update or remove an IP or IP range:
1. In the Gcore Customer Portal, navigate to WAAP > Domains.
2. Find the needed domain and click its name to open it. You'll be directed to the Policies page.
3. In the sidebar, click Firewall.
4. Navigate to the needed section with the configured IP address—Allow IPs or Block IPs.
5. Find the IP you want to manage and click the three-dot icon next to it.
6. Select the relevant action from the dropdown—Edit or Delete—and follow the instructions.
Delete multiple rules with group actions
You can simultaneously delete multiple rules that allow or block particular IPs or IP ranges. To do so, select checkboxes next to the firewall rules you want to delete and then choose the Delete action from the Actions dropdown.
Was this article helpful?