Back to website Login
There was a problem loading the comments.

How to whitelist IP addresses in the 7G WAF Firewall

Support Portal  »  Knowledgebase  »  Viewing Article
  Print

To add IP addresses to your site's firewall allow list, you will first need to connect to your site's server files via SFTP. If you need help with this step, please feel free to ask for assistance in gathering your SFTP server credentials. 

 

Once you've connected to your site, you will see a folder called sites. You will open the sites folder, then the folder that has the same name as the website you're working with. 

sites/yourdomain.url/nginx/

 

Inside that folder you will have the ability to create new allow lists. When you create a new file there, make sure you name it something that you'll recognize so we can troubleshoot connection issues if things break down the road.

 

We like to use the name of the service we're attempting to connect to when creating the file. For example, if you were trying to connect to a software called Gratisfaction, the file name would be gratisfaction-whitelist-7g-context.conf. If you were trying to connect to something else you'd just replace the "gratisfaction" portion with the name of the service, keeping in mind that you can't use spaces or other special characters in the name of the file.

 

Once you've created the file, you'll want to modify it to include the following content:

if ($remote_addr = "199.191.137.17") {
    set $7g_drop_bad_request 0;
    set $7g_drop_bad_referer 0;
    set $7g_drop_bad_query_string 0;
    set $7g_drop_bad_method 0;
    set $7g_drop_bad_bot 0;
}

 

Take note that the IP address listed there "199.191.137.17" is used for example purposes and should be replaced with the IP address you want to add to your allow list.

 

If you also have more than one IP address then you would separate the different IP addresses with a pipe character and modify the "=" to use a "~*" instead like this:

if ($remote_addr ~* "199.191.137.17|199.191.137.18") {

 

In the 7G firewall you can not whitelist an entire block of IP addresses and MUST allow each individual IP address.

 

Once that file has been created, please notify our support team and request that we "test and reload nginx".

 

If you need any help of have any questions along the way, just open a ticket and let the team know what needs to be added to your 7G allow list.

Share via
Did you find this article useful?  

Comments

Add Comment

Replying to  

Categories

Tags

© Stoute Web Solutions