Block & Allow Rules

Manage IP, User Agent, GEO, and Query String rules

Block & Allow Rules provide a straightforward way to manage traffic by maintaining lists of blocked, allowed, or monitored IPs, User Agents, countries, and query strings. Use these for quick, targeted traffic control.

Creating a Block/Allow Rule

  1. Navigate to Block Rules in the sidebar
  2. Click New Block Rule
  3. Configure the rule:
    • Project — Select which project this rule applies to
    • Field — Choose the rule type (IP, User Agent, Query String, or GEO Country)
    • Value — Enter the values to match (see field-specific details below)
    • Action — Choose the action to take
    • Note — Add a description for reference
  4. Click Save

Field Types

IP Address

Enter one or more IP addresses, one per line. Supports individual IPs and ranges.

Available Actions: Block, Allow, Monitor, Whitelist, Blacklist

  • Whitelist — Permanently allow this IP, overriding all block rules
  • Blacklist — Permanently block this IP

User Agent

Enter one or more User Agent strings, one per line.

Available Actions: Block, Allow, Monitor, Blacklist

Query String

Enter query string patterns, one per line.

Available Actions: Block, Allow, Monitor, Blacklist

GEO Country

Select one or more countries from the dropdown list. WAF360 supports 200+ countries.

Available Actions: Block, Allow, Monitor, Blacklist

Actions

ActionDescription
BlockDeny traffic matching this rule
AllowPermit traffic matching this rule
MonitorLog the traffic without blocking or allowing
WhitelistPermanently allow (IP only), overrides block rules
BlacklistPermanently deny traffic

Managing Rules

Viewing Rules

The Block Rules list shows all rules with columns for:

  • Project — Which project the rule applies to
  • Field — Rule type (IP, UA, QS, Country Code)
  • Text — The matched value(s)
  • Action — Block, Allow, Monitor, etc.
  • Note — Description
  • First Seen — When the rule was created
  • Last Seen — When the rule was last updated

Searching Rules

Use the search box to find rules by their value text.

Editing a Rule

Click on a rule to open its settings and modify the field, value, action, or note.

Deleting a Rule

Open the rule settings, scroll to the Danger Zone, and confirm deletion.

Bulk Operations

Select multiple rules using the checkboxes, then choose a bulk action:

  • Allow — Change selected rules to Allow
  • Block — Change selected rules to Block
  • Monitor — Change selected rules to Monitor
  • Delete — Remove selected rules

A progress modal shows the status of each item during bulk operations.

Quick Actions from Events

You can add IPs to your block or allow list directly from the HTTP Events page or the Traffic Analytics Insights dashboard:

  1. Find a suspicious IP in the Events table or Top IP chart
  2. Hover over the IP address
  3. Click the action button to add it to your block or allow list

This lets you respond to threats without leaving the analytics view.