LOG IN SIGN UP
Documentation

Using the IP block list

  Last updated November 06, 2018

You can prevent specific IP addresses from accessing your service by adding them to a block list. Enabling this feature creates a condition and response that returns a 403 error to anyone trying to access the service from a blocked IP address. You can use this feature to prevent bad actors from interfering with the operation of your web application.

Enabling the IP block list

To enable the IP block list, follow the steps below:

  1. Log in to the Fastly web interface and click the Configure link.
  2. From the service menu, select the appropriate service.
  3. Click the Configuration button and then select Clone active. The Domains page appears.
  4. Click the Settings link. The Settings page appears.
  5. Click the IP block list switch to On.

    IP block list quick configuration

  6. Click the Activate button to deploy your configuration changes.

Blocking an IP address

To block an IP address, follow the steps below:

  1. Click the Add address link. The entry fields appear.
  2. In the Address field, type an IP address or subnet mask (a range of IP addresses) to block for this service. To add an exception for an IP address, use an exclamation point (for example, use !192.0.2.0 or !192.0.2.0/24).
  3. In the Comment field, type an optional comment that describes the IP address or subnet mask.
  4. Click the Add button. The IP address or subnet mask appears in the list. This addition will become effective immediately.

    an IP block list, complete with an IP address and a subnet mask, as it appears in the Fastly web interface

Editing a blocked IP address

You can edit a blocked IP address or subnet mask at any time. To edit an IP address or a subnet mask, follow the steps below:

  1. Find the IP block list associated with your service in which the associated IP addresses or subnet masks appear. Because these entries are versionless, the service version you choose doesn't matter. Choose the one that makes the most sense to you.
  2. In the IP block list area, hover your cursor over an entry, then click the pencil icon that appears.
  3. Edit the IP address, subnet mask, or comment as necessary.
  4. Click the Save button. The changes you make will be immediately applied to your configuration. If your IP block list has already been associated with a deployed service version, those changes will happen live.

Deleting an IP block list entry

You can delete individual entries in the IP block list at any time. To delete an IP address or subnet mask that was created via the web interface:

  1. Find the IP block list associated with your service in which the associated IP addresses or subnet masks appear. Because these entries are versionless, the service version you choose doesn't matter.
  2. In the IP block list area, hover your cursor over an entry, then click the trash can icon that appears.
  3. Click the Confirm and delete button.

Disabling the IP block list

The IP block list and its associated entries can be disabled in any unlocked service version. To disable the IP block list, follow the steps below:

  1. Find the IP block list associated with an unlocked version of your service.
  2. Click the IP block list switch to Off.
  3. Click the Yes button. This disables the block list and deletes all associated entries.
  4. Click the Activate button to deploy your configuration changes.

Creating other ACL types

If you need other types of ACLs, you'll need to create them in the Data page of the web interface.


Additional resources:


Back to Top