Tab – IP Rules

With IP Rules it is possible to allow (allowlist) or reject (denylist) requests based on their IP addresses.

If environment cookies are enabled on the mapping, the environment cookie will also contain the names of all IP address lists that match the source IP address. For more details see Environment cookies.

Section – IP Whitelists

Requests are only accepted if the client IP is found in at least one of the configured IP Allowlists.

  • Log only – Prevents Airlock Gateway from enforcing the allowlisting rules. It will only write the information to the log.
  • Whitelists – List of IP address lists for Allowlists.
    • Configuring no IP Allow List will result in all traffic being accepted.
    • Configuring an empty list as an IP Allow List will result in all traffic being blocked as no IP address will match the empty list.

Section – IP Blacklist

  • Log only – Prevents Airlock Gateway from enforcing the denylisting rules. It will only write the information to the log.
  • Webroot Threat Categories – Allows checking all threat categories from the threat intelligence feed.
  • Blacklists – List of IP address lists for denylists. Configuring no IP Denylist or an empty list as an IP Denylist will result in all traffic being accepted as no IP address will match.
  • Dynamic IP Blacklist
    • Block IPs on dynamic blacklist – If enabled, all IPs on the dynamic denylist are blocked. See dynamic IP denylist for configuration of the global thresholds. If an IP is on the dynamic denylist and also on a configured denylist exception list (see below), it is not blocked.
    • Count blocks for dynamic IP blacklist – In order to be added to the dynamic IP denylist, IPs must generate a certain number of blocks within a configured time window. This setting specifies whether blocks occurring on this mapping count towards the configured threshold. Note that the denylist exceptions (see below) have no effect on this feature. That is, blocks are also counted for IPs on denylist exception lists.
      • The mode for counting blocks allows the following options:
      • OFF: Blocks on this mapping are not counted for the dynamic IP denylist threshold.
      • All blocks: All blocks on this mapping are counted for the dynamic IP denylist threshold.
      • Deny rules only: Only deny rule blocks on this mapping are counted for the dynamic IP denylist threshold.
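
The list semantics from the IP Whitelists and IP Blacklist sections above, as an added Python model (not Airlock Gateway code or configuration). All function and parameter names are hypothetical, the addresses are constructed sample values, and it assumes the denylist section's Log only setting also covers dynamic denylist hits.

```python
import ipaddress

def matches(ip, networks):
    """True if ip falls inside any CIDR entry of one IP address list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)

def evaluate(ip, allowlists=None, denylists=None, dynamic=(), exceptions=(),
             block_dynamic=False, allow_log_only=False, deny_log_only=False):
    """Return (action, findings). allowlists/denylists are lists of IP
    address lists; None or [] means that no list is configured."""
    findings = []
    # Allowlist: enforced only when at least one list is configured. A
    # configured but empty list matches nothing, so every client fails it.
    if allowlists and not any(matches(ip, lst) for lst in allowlists):
        findings.append(("allowlist-miss", allow_log_only))
    # Denylist: no list, or an empty list, matches nothing -> accepted.
    if denylists and any(matches(ip, lst) for lst in denylists):
        findings.append(("denylist-hit", deny_log_only))
    # Dynamic denylist: blocks unless the IP is on an exception list.
    # Assumption: deny_log_only applies to this check as well.
    if block_dynamic and matches(ip, dynamic) and not matches(ip, exceptions):
        findings.append(("dynamic-denylist-hit", deny_log_only))
    # Log only findings are reported but never change the decision.
    enforced = [name for name, log_only in findings if not log_only]
    return ("block" if enforced else "accept"), [name for name, _ in findings]

if __name__ == "__main__":
    office = ["10.0.0.0/8"]  # constructed sample address list
    cases = {
        "no allowlist configured": dict(),
        "empty allowlist configured": dict(allowlists=[[]]),
        "allowlist miss": dict(allowlists=[office]),
        "allowlist miss, log only": dict(allowlists=[office], allow_log_only=True),
        "empty denylist configured": dict(denylists=[[]]),
    }
    for label, kwargs in cases.items():
        print(f"{label:28} -> {evaluate('192.0.2.7', **kwargs)}")
```

Running the same request through each case makes the difference between "no allowlist" and "empty allowlist" visible before a mapping is switched from Log only to enforcing.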

Logging

If an IP Denylist blocks a request based on an IP Address List, a log message is written to the log of Airlock Gateway. Details regarding log messages are documented in the Block Summary list.