Valid Client IP Handler

Purpose

The Valid Client IP Handler validates the IP address of the client that sends a query, using a list of valid IP address ranges. Requests with an invalid IP address are denied by vWAF with a configurable HTTP error code.

You can use this function to restrict access so that a web application, or specific paths of a web application, can only be reached by users within specific networks (e.g. your own company). Another scenario is systems that use a separate URL (e.g. /admin) to carry out administrative tasks. It’s also possible to make access to specific content more difficult for competitors or for users from specific regions.

For more information regarding adding and editing Handlers, see Editing Handlers.

Severity

Events triggered by this handler are given the severity: low. (For details on severity levels, see Severity of Events Triggered by Handlers).

Recommendations for use

Switch this handler on only when required, that is, when you want to permit access to parts of an application only from defined IP addresses.

Attributes

Attribute Meaning

client ip blacklist

List of IPv4 and IPv6 address ranges to be excluded (for syntax, see Specifying IP Addresses). Users with an IP address from one of these ranges are given the HTTP error code specified under error code.

Examples:

81.243.62.0/24
2a01:4f8:130:8421::/64

For details on priority and internal processing, see How Blacklists, Whitelists, and Graylists Are Processed.

client ip whitelist

List of valid IPv4 and IPv6 address ranges (for syntax, see Specifying IP Addresses). Users with an IP address from an address range not contained on the whitelist are given the HTTP error code specified under error code.

Address ranges in the whitelist can be restricted by more tightly defined address ranges in the blacklist.

Address ranges for private networks are already included on the whitelist by default.

For details on priority and internal processing, see How Blacklists, Whitelists, and Graylists Are Processed.

gbl

Activate this option if you want to use the global IP blacklist as an additional graylist. In this case, vWAF denies a request if the request's IP isn't on the client ip whitelist but is on the global IP blacklist (see also Global IP Blacklisting).

For details on priority and internal processing, see How Blacklists, Whitelists, and Graylists Are Processed.

rbl

Activate this option if you want to use an external realtime blacklist for the evaluation, in addition to client ip whitelist and client ip blacklist. A realtime blacklist supplies, in real time, the current IP addresses of typical undesirable visitors.

vWAF always checks client ip whitelist first, followed by client ip blacklist. The realtime blacklist is queried only if vWAF can't assign an IP address to either the client ip whitelist or the client ip blacklist.

ATTENTION
Depending on the speed at which the realtime blacklist supplies its data, this can considerably delay the access to your web application for users.

For details on priority and internal processing, see How Blacklists, Whitelists, and Graylists Are Processed.

rbl domain

Only has an effect if the option rbl has been activated.

Select from the list one of the supported providers of realtime blacklists.

rbl password

Only has an effect if the option rbl has been activated.

Enter the password here that you've obtained from the provider entered under rbl domain for access to the realtime blacklist.

rbl on timeout allow request

Only has an effect if the option rbl has been activated.

The realtime blacklist may be temporarily unavailable (DNS timeout). Activate the option rbl on timeout allow request if, in this case, an IP address is to be handled as if it were not on the realtime blacklist.
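The evaluation order described under rbl, the way a tighter blacklist range restricts a whitelist range, and the rbl on timeout allow request behaviour can be modelled in a few dozen lines. The following is an added example, not vWAF's own code. It assumes a particular set of private ranges for the default whitelist, that on equal prefix length the blacklist wins, and a configurable `default_allow` for addresses that are on no list and are not flagged by the realtime blacklist; the authoritative rules are in How Blacklists, Whitelists, and Graylists Are Processed. The RBL provider is replaced by a constructed lookup table.

```python
"""Model of the Valid Client IP Handler decision order.

Added illustration, not vWAF's own code. The page states the order
(client ip whitelist, then client ip blacklist, then the realtime
blacklist only for addresses on neither list); the tie-breaking and
fall-through rules below are assumptions.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Callable, Optional

# Assumption: the page only says "private networks" are whitelisted by
# default; the exact set is not listed there.
DEFAULT_WHITELIST = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7"]

RBL_LISTED, RBL_CLEAN, RBL_TIMEOUT = "listed", "clean", "timeout"


@dataclass
class HandlerConfig:
    """Attributes of the handler as described on this page."""
    client_ip_whitelist: list[str] = field(default_factory=list)
    client_ip_blacklist: list[str] = field(default_factory=list)
    error_code: int = 403
    rbl: bool = False
    rbl_on_timeout_allow_request: bool = False
    # Assumption: the fate of an address that is on no list and is not
    # flagged by the realtime blacklist is not spelled out on this page.
    default_allow: bool = False


@dataclass
class Decision:
    allowed: bool
    status: Optional[int]   # HTTP error code when denied, None when allowed
    reason: str


def _longest_match(ip, ranges):
    """Most specific range containing ip, or None (other IP version ignored)."""
    best = None
    for text in ranges:
        net = ip_network(text, strict=False)
        if net.version == ip.version and ip in net:
            if best is None or net.prefixlen > best.prefixlen:
                best = net
    return best


def evaluate(client_ip: str, cfg: HandlerConfig,
             rbl_lookup: Optional[Callable[[str], str]] = None) -> Decision:
    ip = ip_address(client_ip)
    white = _longest_match(ip, DEFAULT_WHITELIST + cfg.client_ip_whitelist)
    black = _longest_match(ip, cfg.client_ip_blacklist)

    # A blacklist range at least as tight as the matching whitelist range
    # restricts it (assumed tie-break: blacklist wins on equal length).
    if black is not None and (white is None or black.prefixlen >= white.prefixlen):
        return Decision(False, cfg.error_code, f"client ip blacklist {black}")
    if white is not None:
        return Decision(True, None, f"client ip whitelist {white}")

    # Neither list matched: only now is the realtime blacklist consulted.
    if cfg.rbl and rbl_lookup is not None:
        verdict = rbl_lookup(client_ip)
        if verdict == RBL_LISTED:
            return Decision(False, cfg.error_code, "realtime blacklist")
        if verdict == RBL_TIMEOUT and not cfg.rbl_on_timeout_allow_request:
            return Decision(False, cfg.error_code, "realtime blacklist timeout")

    if cfg.default_allow:
        return Decision(True, None, "no list matched")
    return Decision(False, cfg.error_code, "not on client ip whitelist")


# Constructed stand-in for an RBL provider, using documentation addresses.
FAKE_RBL = {"203.0.113.7": RBL_LISTED, "198.51.100.9": RBL_TIMEOUT}


def fake_rbl_lookup(client_ip: str) -> str:
    return FAKE_RBL.get(client_ip, RBL_CLEAN)


if __name__ == "__main__":
    # Whitelist range is constructed; blacklist ranges are the page's examples.
    cfg = HandlerConfig(client_ip_whitelist=["81.243.0.0/16"],
                        client_ip_blacklist=["81.243.62.0/24",
                                             "2a01:4f8:130:8421::/64"],
                        rbl=True, rbl_on_timeout_allow_request=True,
                        default_allow=True)
    for addr in ["10.0.0.5", "81.243.1.1", "81.243.62.10",
                 "2a01:4f8:130:8421::1", "203.0.113.7", "198.51.100.9"]:
        print(addr, evaluate(addr, cfg, fake_rbl_lookup))
```

Running the block shows 81.243.62.10 denied although 81.243.0.0/16 is whitelisted, because the /24 blacklist entry is tighter, and 198.51.100.9 passing only because both rbl on timeout allow request and the model's `default_allow` are set; with the defaults it is denied on the timeout.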

rbl if search engine allow request

Only has an effect if the option rbl has been activated.

Activate this option if you want to permit the entries identified as search engines on the realtime blacklist.

error code

HTTP error code that's returned to users with an invalid IP address. Possible error codes include, for example:

  • 401 (Unauthorized)
  • 402 (Payment Required)
  • 403 (Forbidden)
  • 404 (Not Found)

(See also HTTP Error Codes)

usertext

Optional:

Here you can specify some text that vWAF adds to the log file entries created by this handler. You can use this, for example, to document why you've added the handler to your configuration, and how the handler is intended to behave.

enable logging

Disable this option if you do not want vWAF to create a log file entry when the handler is executed. This can be useful to keep log files smaller in case the handler creates a large number of entries but you don't need these entries.

When in detection mode, disabling logging de facto makes the handler ineffective. Disabling logging also prevents the actions of the handler from being taken into account for the Top-10 lists in Attack Analysis, and from being listed in Reports. To decrease the size of the log files, also consider enabling reduced logging, which excludes all non-handler-related information from the log files (see Editing Applications).

For details regarding entries added to the log file by this handler, see the relevant section in Entries in Application-Specific Log Files.