The Intrusion Prevention and Detection System or IPDS module offers a set of enhanced security tools to protect your applications at load balancer level. Currently, this is performed using Blacklists, DoS protection and RBL rules.
The rules are applied in a early phase of the packet flow through the balancer, thus increasing its performance. In the next Flow Diagram you can see how it happens:
The Blacklists section lets users use the clients source IP addresses lists to filter, deny or allow traffic from them to the real servers. The module is preloaded with per country lists ready to be applied. Zevenet keep the preloaded list up to date. In addition, the blacklists can be customized by generating a plain text list of IP addresses. The creation of customized blacklist is explained on next section: create a custom Blacklist
The IPDS module is able to manage Blacklists and Whitelists for every farm service configured. That means IP addresses blocked or allowed respectively. This section shows the available lists:
NAME. Blacklist ID. If you click on the name you will enter the list editing form.
TYPE. Whether the list is obtained from a Local or Remote location.
POLICY. Deny for strictly blacklists and Allow for whitelists.
FARMS. The Farms to which the rule is applied. This field may be expanded using the small icon (little arrows) at the right of the FARMScolumn header. By default is limited to 20 characters. If the list of farms is longer it is possible some of them are hided. Use that small icon to expand the view.
STATUS. Farm status are represented by the following status color codes:
- Green: Means ENABLED. The rule is actually being used.
- Red: Means DISABLED. The rule is not enabled, thus it is not having any effect on the farm.
ACTIONS. Allowed actions for the status of the Blacklist:
- Create Blacklist. Show the form to create a new blacklist.
- Edit. Edit the list.
- Delete. Remove the blacklist. Only if it’s created by the user.
- Enable/Disable rule. This icon (gren triangle or gren square) is used to Enable or Disable the rule.
- Update. Update list from URL. Only if it’s a remote list.
Check out the Blacklist video.
Next step, create a custom Blacklist.