Tab – IP Rules

With IP Rules it is possible to allow (allow list) or reject (deny list) requests based on their IP addresses.

If environment cookies are enabled on the mapping, the environment cookie will also contain the names of all IP address lists that match the source IP address. For more details see Environment cookies.

IP Allow Lists

Requests are only accepted if the client IP is found in at least one of the configured IP allow lists.

Log only

Is used to prevent Airlock Gateway from enforcing the allow listing rules. It will only write the information to the log.

Allow Lists

List of IP address lists for allow lists.

Note: configuring no IP Allow List will result in all traffic being accepted.

Note: configuring an empty list as an IP Allow List will result in all traffic being blocked as no IP address will match the empty list.

IP Deny Lists
Log only

Is used to prevent Airlock Gateway from enforcing the deny listing rules. It will only write the information to the log.

Webroot Threat Categories

Allows to check all threat categories from the threat intelligence feed

Deny List

List of IP address lists for deny lists.

Note: configuring no IP Deny List or an empty list as an IP Deny List will result in all traffic being accepted as no IP address will match.

Dynamic IP Deny List
Block IPs on dynamic deny list

If enabled, all IPs on the dynamic deny list are blocked. See dynamic IP deny list for configuration of the global thresholds. If an IP is on the dynamic deny list and also on a configured deny list exception list (see below), it is not blocked.

Count blocks for dynamic IP deny list

In order to be added to the dynamic IP deny list, IPs must generate a certain amount of blocks within a configured time window. This setting specifies whether blocks occurring on this mapping count towards the configured threshold. Note that the deny list exceptions (see below) have no effect on this feature. That is, blocks are also counted for IPs on deny list exception lists.

The mode for counting blocks allows following options:

  • OFF: Blocks on this mapping are not counted for the dynamic IP deny list threshold.
  • All blocks: All blocks on this mapping are counted for the dynamic IP deny list threshold.
  • Deny rules only: Only deny rule blocks on this mapping are counted for the dynamic IP deny list threshold.
Deny List Exceptions

List of IP address lists for deny list exceptions.

Logging

If an IP Deny List blocks a request based on an IP Address List, a log message is written to the log of Airlock Gateway. Details regarding log messages are documented here.