How to Provide Protection in Services with IP Intelligence?
About
What Is IP Intelligence?
IP Intelligence is the section where blacklisted IPv4 and IPv6 addresses are detected and updated through TR7 license servers. Blacklisted IPv4 and IPv6 addresses can be monitored on the TR7 ASP device, and IP addresses can also be added manually to the Whitelist and Blacklist. Additionally, rules can be created for each IP category (such as phishing, spoofing, etc.).
Interface
Load Balancer - IP Intelligence
Step > 1
To configure IP Intelligence, go to "Settings > General Settings > IP Intelligence."
IP database updates can be done both online and offline. By clicking the "Edit" button, online updates can be scheduled daily, weekly, or monthly. If periodic updates are not desired, they can be turned off. The IP Intelligence feature can be used without an additional license as it is included with the default Load Balancer license.
Online updates are performed on TR7 license/update servers, which are completely secure and do not communicate with any third-party software. They contain a dedicated database for blacklist IPs. In addition, the most up-to-date lists are used based on agreements with third-party software like abusedb and web-root.
Whitelist and blacklist IPs can be entered manually, and IP categories can be reviewed.
Through the "IP Lookup" tab, an IP address can be manually entered to check its categories and blacklist status in the database.
Step > 2
For firewall-level IP Intelligence protection, follow the steps "Network > Firewall > Add." After selecting the Route Table, choose "Blacklist IPs" as the source and "Deny" as the rule, then click the "Add" button. This enables IP Intelligence protection at the firewall level.
Step > 3
To apply IP Intelligence protection on a vService without using WAF, go to "Traffic Manager > Traffic Manipulation > Actions > Add." Action types such as Block, Show Content, or Location Redirect can be used for the blacklist IP condition. After selecting Block, choose "If the Source IP is Blacklisted" from the Conditions tab, then click "Add."
Step > 4
Next, to assign the created action to a vService, open the edit screen of the relevant vService.
Activate "Details > Actions," select the created action, and click the "Save" button to apply the changes.
Step > 5
When a client that was added to the manual blacklist sends a request to the vService, the request is blocked, as can be seen in the vService logs.
WAF - IP Intelligence
Step > 1
For IP Intelligence protection on a vService that uses WAF, follow the steps "Monitor Mode > Relevant vService > WAF Management." Open the edit screen of the "Checks" form.
The form shows that "Blacklist IP protection" is enabled by default, and categories can be selected there. A Blacklist IP, or an exception to the Blacklist IP, can also be added manually for that specific vService.