Tab – IP Rules

With IP Rules, requests based on their IP addresses can be allowed in the section IP Whitelists or blocked in IP Blacklists with or without blacklist exceptions. New IP lists can be configured in Submenu – IP Address Lists and used in the section IP Whitelists as well as IP Blacklists.

If environment cookies are enabled on the mapping, the environment cookie will also contain the names of all IP address lists that match the source IP address. For more details see Environment cookies.

Section – IP Whitelists

In the IP Whitelists table, every row equals a rule and can be enabled (green dot, ON) or disabled (gray dot, OFF). Rows are processed from top to bottom.

  • Log only – This option is used to prevent Airlock Gateway from enforcing all IP Whitelists rules. It will only write information in the log.
  • An empty IP Whitelists table does not block requests.
  • If the client's request matches a path configured in the field Path pattern, one of the IP lists in the Whitelists field configured in the same row must match. Otherwise, the request is blocked by this IP Whitelists rule.
  • If a request does not match any of the configured paths, the IP Whitelists rules do not block the request.
  • An empty path in an IP Whitelists rule always matches. This is generally the case with regular expressions unless the Invert option is ticked and the rule is enabled.
  • Percentage variables such as %ENTRYDIR% are allowed.
  • Rows can be shifted to sort them in the required order for top-down processing.

Section – IP Blacklist

  • Log only – Is used to prevent Airlock Gateway from enforcing the denylisting rules. It will only write the information to the log.
  • Webroot Threat Categories – Allows checking all threat categories from the threat intelligence feed.
  • Blacklists – List of IP Lists that should be blacklisted. New IP Lists can be set up in Submenu – IP Address Lists. Configuring no IP List or using an empty list as an IP Denylist will result in all traffic being accepted as no IP address will match.
  • Dynamic IP Blacklist
    • Block IPs on dynamic blacklist – If enabled, all IPs on the dynamic denylist are blocked. See dynamic IP denylist for configuration of the global thresholds. If an IP is on the dynamic denylist and also on a configured denylist exception list (see below), it is not blocked.
    • Count blocks for dynamic IP blacklist – To be added to the dynamic IP denylist, IPs must generate a certain amount of blocks within a configured time window. This setting specifies whether blocks occurring on this mapping count towards the configured threshold. Note that the denylist exceptions (see below) do not affect this feature. That is, blocks are also counted for IPs on denylist exception lists.
      • The mode for counting blocks allows the following options:
        • OFF: Blocks on this mapping are not counted for the dynamic IP denylist threshold.
        • All blocks: All blocks on this mapping are counted for the dynamic IP denylist threshold.
        • Deny rules only: Only deny rule blocks on this mapping are counted for the dynamic IP denylist threshold.

Dynamic IP Blacklist

Airlock Gateway can monitor IPs with bad behavior and temporarily block them. If an IP triggers a block, it will be put on a watchlist. If there are too many blocks during a certain period from the same IP, it is added to the dynamic IP denylist for a defined period.

See also article Submenu – Dynamic IP Blacklist.
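
The dynamic denylist behaviour described above, including the rule that exception lists affect enforcement but not counting, as an added Python model (an illustration, not Airlock Gateway code). The threshold, window and listing duration, the class and method names, and the sample addresses are assumptions constructed for this example.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Constructed values; the page does not give the real global thresholds.
THRESHOLD, WINDOW_S, LISTED_S = 3, 60, 300  # blocks, window (s), listing time (s)

class DynamicDenylist:
    """Illustrative model of one mapping's dynamic IP denylist settings."""

    def __init__(self, count_mode="All blocks", exceptions=()):
        self.count_mode = count_mode          # "OFF", "All blocks", "Deny rules only"
        self.exceptions = [ip_network(n) for n in exceptions]
        self.watchlist = defaultdict(deque)   # ip -> timestamps of counted blocks
        self.listed_until = {}                # ip -> time the listing expires

    def record_block(self, ip, now, deny_rule):
        # Counting ignores exception lists: blocks from excepted IPs still count.
        if self.count_mode == "OFF":
            return
        if self.count_mode == "Deny rules only" and not deny_rule:
            return
        hits = self.watchlist[ip]
        hits.append(now)
        while hits and now - hits[0] > WINDOW_S:   # drop blocks outside the window
            hits.popleft()
        if len(hits) >= THRESHOLD:
            self.listed_until[ip] = now + LISTED_S

    def is_listed(self, ip, now):
        return self.listed_until.get(ip, 0) > now

    def is_blocked(self, ip, now, block_enabled=True):
        # Enforcement: a listed IP is blocked unless it is on an exception list.
        on_exception = any(ip_address(ip) in net for net in self.exceptions)
        return block_enabled and self.is_listed(ip, now) and not on_exception

def demo():
    # Constructed sample: three clients, each causing three blocks in 20 seconds.
    dl = DynamicDenylist("Deny rules only", exceptions=["192.0.2.0/24"])
    for t in (0, 10, 20):
        dl.record_block("198.51.100.7", t, deny_rule=True)
        dl.record_block("192.0.2.5", t, deny_rule=True)     # on the exception list
        dl.record_block("203.0.113.9", t, deny_rule=False)  # not a deny rule block
    return {ip: (dl.is_listed(ip, 30), dl.is_blocked(ip, 30))
            for ip in ("198.51.100.7", "192.0.2.5", "203.0.113.9")}
```

In the result, the excepted address is listed but not blocked, which is the case to check for when reviewing exception lists against dynamic denylist entries.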

Logging

If an IP Denylist blocks a request based on an IP Address List, a log message is written to the log of Airlock Gateway. Details regarding log messages are documented in the Block Summary list.