IPDS | Blacklists

POSTED BY Zevenet | 25 October, 2021

The Intrusion Prevention and Detection System or IPDS module offers a set of enhanced security tools to protect your applications at load balancer level. Currently, this is performed using Blacklists, DoS protection, and RBL rules.

The rules are applied in an early phase of the packet flow through the balancer, increasing its performance. In the next Flow Diagram, you will see how this happens:

zevenet traffic flow

The Blacklists section lets users use the clients’ source IP address lists to filter, deny or allow traffic from them to the real servers. The module is preloaded with per-country lists ready to be applied. ZEVENET keeps the preloaded list up to date. Additionally, blacklists can be customized by generating a plain text list of IP addresses. The creation of customized blacklists is explained in the next section Create a custom Blacklist.

The IPDS module is able to manage Blacklists and Whitelists for every farm service configured. That means IP addresses are blocked or allowed respectively. This section shows the available lists:

Name. Blacklist descriptive name. If you click on the name you will enter the list editing form.
Type. Whether the list is obtained from a Local or Remote location.
Policy. Deny for blacklists and Allow for whitelists. Whitelist rules are evaluated first before blacklist rules. So, if the client IP matches in a whitelist, then the evaluation is finished and the client IP passes the blacklist module.
Farms. The Farm list to which the rule is applied. This field may be expanded using the small square icon at the right of the Farmscolumn header. By default, it is limited to 20 characters. If the list of farms is longer than 20 characters, some of them may be hidden. Use that small square-shaped icon to expand the view.
Status. Farm status is represented by the following status color codes:

  • Green. Means Enabled. The rule is enabled and in use by a farm.
  • Red. Means Disabled. The rule is not enabled. If it is being used by a farm, it won’t make any effect.

Actions. Allowed actions per Blacklist are:

  • Create Blacklist. Show the blacklist creation form.
  • Start. Start the list from a URL only if it’s a remote list.
  • Stop. Stop the list from a URL only if it’s a remote list.
  • Update. Update the blacklist from the URL. Only if it’s a remote list.
  • Delete. Remove the blacklist. Only if it’s created by the user.
  • Edit. Edit the blacklist.
  • Enable/Disable rule. This icon (green triangle or green square) is used to Enable or Disable the blacklist rule.

Check out our Blacklist video.

Next step, Create a custom Blacklist.

Share on:

Documentation under the terms of the GNU Free Documentation License.

Was this article helpful?

Related Articles