The Intrusion Prevention and Detection System (IPDS) module offers a set of enhanced security tools to protect your applications at the load balancer level. Currently, this is performed using Blacklists, DoS protection, and RBL rules.
The rules are applied in an early phase of the packet flow through the balancer, which improves its performance. The following flow diagram shows where this happens:
The Blacklists section lets users apply lists of client source IP addresses to filter, deny or allow traffic from those clients to the real servers. The module is preloaded with per-country lists ready to be applied, and Zevenet keeps the preloaded lists up to date. In addition, blacklists can be customized by generating a plain text list of IP addresses. The creation of customized blacklists is explained in the next section: create a custom Blacklist.
The IPDS module can manage Blacklists and Whitelists, that is, lists of IP addresses that are blocked or allowed respectively, for every farm service configured. This section shows the available lists:
Name. Blacklist descriptive name. If you click on the name you will enter the list editing form.
Type. Whether the list is obtained from a Local or Remote location.
Policy. Deny for strict blacklists and Allow for whitelists. Whitelist rules are evaluated before blacklist rules, so if the client IP matches a whitelist, the evaluation finishes and the client IP passes the blacklist module.
Farms. The list of farms to which the rule is applied. This field may be expanded using the small square icon at the right of the Farms column header. By default, it is limited to 20 characters. If the list of farms is longer than 20 characters, some of them may be hidden. Use that small square icon to expand the view.
Status. The status is represented by the following colour codes:
- Green: Means Enabled. The rule is enabled and in use by a farm.
- Red: Means Disabled. The rule is not enabled. If it is being used by a farm, it will have no effect.
Actions. Allowed actions per Blacklist are:
- Edit. Edit the blacklist.
- Delete. Remove the blacklist. Available only for lists created by the user.
- Enable/Disable rule. This icon (green triangle or green square) is used to Enable or Disable the blacklist rule.
- Update. Update the blacklist from its URL. Available only for remote lists.
Actions. Allowed actions for multiple Blacklists are:
- Create Blacklist. Show the blacklist creation form.
- Delete. Remove the selected blacklists. Available only for lists created by the user.
- Enable/Disable rule. This icon (green triangle or green square) is used to Enable or Disable the rule.
- Update. Update the list from its URL. Available only for remote lists.
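
The evaluation order described under Policy and Status can be modelled offline to review lists before applying them to a farm. The following Python example is added here and is not Zevenet code; the `Rule` class, the `decide` and `shadowed` helpers, the sample lists, CIDR and `#` comment support, and the "no match means pass" default are all assumptions made for illustration. `shadowed` reports deny entries that an enabled whitelist on the same farm fully covers, which therefore never take effect.

```python
import ipaddress

def parse_list(text):
    """Parse a plain text list: one IP address (or CIDR network, assumed) per line."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()      # '#' comments are an assumption
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            raise ValueError(f"line {lineno}: invalid entry {entry!r}") from None
    return nets

class Rule:
    def __init__(self, name, policy, text, farms, enabled=True):
        if policy not in ("allow", "deny"):
            raise ValueError("policy must be 'allow' or 'deny'")
        self.name, self.policy, self.enabled = name, policy, enabled
        self.nets, self.farms = parse_list(text), set(farms)

    def matches(self, ip, farm):
        # A disabled rule has no effect, even when it is assigned to the farm.
        return self.enabled and farm in self.farms and any(ip in n for n in self.nets)

def decide(rules, client_ip, farm):
    """Whitelists are evaluated first; a whitelist match ends the evaluation."""
    ip = ipaddress.ip_address(client_ip)
    for policy, verdict in (("allow", "pass"), ("deny", "drop")):
        for rule in rules:
            if rule.policy == policy and rule.matches(ip, farm):
                return verdict, rule.name
    return "pass", None                           # assumed default: no list matched

def shadowed(rules, farm):
    """Deny entries fully covered by an enabled whitelist on the same farm."""
    active = [r for r in rules if r.enabled and farm in r.farms]
    allow = [n for r in active if r.policy == "allow" for n in r.nets]
    return [(r.name, str(n)) for r in active if r.policy == "deny" for n in r.nets
            if any(n.version == a.version and n.subnet_of(a) for a in allow)]

# Constructed sample lists using documentation address ranges.
RULES = [
    Rule("office-allow", "allow", "203.0.113.0/24  # office range\n", ["web"]),
    Rule("custom-deny", "deny", "203.0.113.66\n198.51.100.7\n", ["web"]),
    Rule("old-deny", "deny", "192.0.2.0/24\n", ["web"], enabled=False),
]

if __name__ == "__main__":
    for addr in ("203.0.113.66", "198.51.100.7", "192.0.2.5"):
        print(addr, decide(RULES, addr, "web"))
    print("shadowed:", shadowed(RULES, "web"))
```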