Network Lists is the Azion platform feature that allows you to create and manage whitelists, blacklists, or even greylists based on the user’s network or location. With this feature, it’s possible to prevent different types of attacks to your network as well as to prevent users with malicious behavior from having access to your applications.
To use the Network Lists feature, it’s necessary to enable the Network Layer Protection module.
Network Lists are used in the business rules of the Edge Firewall Rules Engine through restrictions rules by IPs, Autonomous System Number (ASN), or geolocation, mitigating security risks and optimizing the performance of your resources.
1. How it works
With Azion Network Lists, you can create and manage lists that are loaded on all Azion Edge Nodes. Whenever a Network List is associated with a rule, it’s compared with the IP address of the client performing the HTTP request taking into account the comparison operators configured in the Rules Engine Rule.
Types of Network Lists
|IP/CIDR||It corresponds to a list of IP addresses or CIDR, one address per line must be filled in. If you prefer, also enter the subnet mask of the IP addresses.|
|ASN||AS Number refers to Autonomous System Number Allocation which corresponds to a group of IP address networks managed by one or more network operators that have a clear and unique routing policy. Consulting the ASN Whois service for LACNIC, Azion’s ASN, for example, is AS52580. Choose the ASN type to represent a list of AS groups, filling in one address per line, with only the number without the prefix.|
|Countries||It corresponds to a list of Countries. To include Countries in the list, select the items in the Available Countries tab and move to the Chosen Countries tab.|
After creating a Network List, associate it with one or more Rules or Rule Sets that have the Network Layer Protection module activated.
A Network List is effective when it’s associated with one or more Rules in the Edge Firewall Rules Engine via the conditional (Criteria). To do this, the Network Layer Protection module must be enabled.
To provide even more agility to your processes, Azion provides and maintains Network Lists that are updated automatically and ready to use. One of them is the Azion IP Tor Exit Nodes Network List, which contains the IP addresses of the Tor network that can be used in one or more Rules through the condition (Criteria) Network according to your business needs.
The content of the Network Lists provided by Azion can’t be modified.
2. Creating a Network List
- Go to Real-Time Manager (RTM), access Products Menu > Edge Libraries > Network Lists.
- Click the Add button to add a new list.
- Fill in the following fields:
|Add Network List||Name of your list: give your Network List a descriptive name. This name will appear in the list of options in the Criteria section, within the Rules Engine configuration.|
|Type||Type of Network List:
- ASN (Autonomous System Number);
- Countries - países;
- IP/CIDR - IP addresses or classes of addresses.
|List||Add the items that will make up your list here. For ASN and IP/CIDR types, a typing field will be displayed. Include one address per line. Duplicated items will be deleted automatically. For the Countries type, a selection list will be presented. Select the items in the Available Countries tab and move to the Chosen Countries tab to include them in the list.|
- Click the Save button to finalize your configuration.
3. Related documentation
Didn’t find what you were looking for? Open a support ticket.