Network Lists

Network Lists is a feature of Network Layer Protection, an Edge Firewall module. With Network Lists, you can create and manage allowlists, blocklists, and even greylists, based on the user’s network, IP address, geolocation (countries), or Autonomous System Number (ASN). With this feature, it’s possible to prevent different types of attacks on your network, as well as prevent users with malicious behavior from accessing your applications.

Use blocklists to monitor suspicious behavior, create intelligent rules, and apply restrictions on malicious activity by blocking or limiting access, protecting your applications’ incoming and outgoing traffic in the network layer on the edge. You can also create allowlists for internal access, tests, and cases where false positives are being blocked.

Network Lists are used in the business rules of the Rules Engine for Edge Firewall through restriction rules by IP, Autonomous System Number (ASN), or geolocation, mitigating security risks and optimizing the performance of your resources. Whenever a network list is associated with a rule, it’s compared with the IP address of the client performing the HTTP request, taking into account the comparison operators configured in the Rules Engine Rule.

Scope | Source
Network Lists | How to create IP, ASN, and geolocation block/allow lists with Network Lists

The Network Layer Protection service uses a series of lists maintained by the user themselves or by Azion, which can be updated manually or via the Azion API. When a request reaches an Azion Edge Node, it’s assessed and, if it meets the criteria set in the Rule Set for that node, the configured lists are queried, thereby filtering out known offenders even before the request reaches the client’s infrastructure.

When activating the module within an Edge Firewall, the Network criteria and the Deny, Drop, and Set Rate Limit Behaviors become available in the Rules Engine settings of the selected Rule Set. This allows the client to define under what conditions (criteria) the lists will be queried and what behaviors should be executed.

To create and manage Network Lists, you need to have an Edge Firewall configuration with the Network Layer Protection module activated.

Type | Description
IP/CIDR | A list of IP addresses or CIDR blocks, filled in with one address per line. If you prefer, also enter the subnet mask of the IP addresses.
ASN | An Autonomous System Number (ASN) corresponds to a group of IP address networks managed by one or more network operators that have a clear and unique routing policy. For example, according to the ASN Whois service for LACNIC, Azion’s ASN is AS52580. Choose the ASN type to represent a list of AS groups, filling in one per line, with only the number without the prefix.
Countries | A list of countries. To include countries in the list, select the items in the Available Countries tab and move them to the Chosen Countries tab.

After creating a Network List, associate it with one or more Edge Firewall Rule Sets that have the Network Layer Protection module activated.

To provide even more agility to your processes, Azion provides and maintains Network Lists that are updated automatically and ready to use. One of them is the Azion IP Tor Exit Nodes Network List, which contains the IP addresses of the Tor network and can be used in one or more Rules through the Network condition (criteria), according to your business needs.

Comment and due date in IP/CIDR lists

When using an IP/CIDR network list, you can add a comment and a due date to a line. This allows you to describe specific items that you add or no longer want to use, and to specify due dates for specific items. The comment and the due date apply only to the line they’re on. On each new line, you need to write new ones.

The # character indicates the beginning of a comment. For example: 192.168.0.1 #comment.

The --LT marker indicates the beginning of the due date. For example: 192.168.0.1 --LT2023-03-27T17:38:47Z.

It’s also possible to combine both features: 192.168.0.1 --LT2023-03-27T17:38:47Z #comment.

If you add a tag at the beginning of the line, the line is treated as obsolete. For example: #comment 192.168.0.1.
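The following is an added example, not Azion code: an offline parser for the line syntax described above, useful for reviewing a list before uploading it. The function names and the sample list are constructed, and it assumes an entry stops applying once its due date has passed.

```python
import ipaddress
from datetime import datetime, timezone

def parse_line(line):
    """Return (network, due, comment) for one list line, or None if blank/obsolete."""
    line = line.strip()
    if not line or line.startswith("#"):        # leading tag: line counts as obsolete
        return None
    body, _, comment = line.partition("#")      # '#' starts the comment
    entry, _, due_raw = body.partition("--LT")  # '--LT' starts the due date
    # Accepts a single IP, CIDR, or address/netmask; raises ValueError on bad input.
    network = ipaddress.ip_network(entry.strip(), strict=False)
    due = None
    if due_raw.strip():
        due = datetime.strptime(due_raw.strip(), "%Y-%m-%dT%H:%M:%SZ")
        due = due.replace(tzinfo=timezone.utc)  # trailing Z means UTC
    return network, due, comment.strip() or None

def active_networks(text, now):
    """Networks that are neither obsolete nor past their due date (assumed semantics)."""
    active = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        network, due, _comment = parsed
        if due is None or now < due:
            active.append(network)
    return active

def is_listed(client_ip, networks):
    """True if the client IP falls inside any active network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)

# Constructed sample list covering each form of line described above.
SAMPLE = """\
192.168.0.1 #office gateway
192.168.0.2 --LT2023-03-27T17:38:47Z
10.0.0.0/8 --LT2023-03-27T17:38:47Z #temporary block
#retired 192.168.0.9
"""

if __name__ == "__main__":
    nets = active_networks(SAMPLE, datetime.now(timezone.utc))
    print([str(n) for n in nets], is_listed("10.1.2.3", nets))
```

Running it against a list before upload shows which entries are already expired or commented out, so a stale allowlist line is noticed during review rather than in production traffic.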

