Client IP
How does it work?
This criterion lets you match based on an IP address, a range of IP addresses, or a CIDR block. Use it to deny access to particular end users.
To use this criterion to match end-user IP addresses, apply it together with the Request Type match set to CLIENT_REQ.
Operators
You can select the following logical conditions:
| Value | The Rule is True When... |
|---|---|
| is one of | the incoming request includes any of the IP addresses or CIDR blocks you provided. |
| is not one of | the incoming request does not include any of the IP addresses or CIDR blocks you provided. |
Fields
Enter the IP addresses and CIDR blocks in the text box provided. For example: 198.51.100.0/24
For a large number of values, you can paste the addresses and separate them with a space, comma, or carriage return.
Limitations
- You can enter a maximum of 300 IP addresses, range of IP addresses or CIDR blocks in the match.
- You can only use 3 separate Client IP matches in a property or include rule tree.
Additional options
Consider X-Forwarded-For IP. You can select whether to use the client IP address from the connecting IP address or the X-Forwarded-For header value.
When a client connects to the edge platform using an HTTP proxy or a load balancer, the X-Forwarded-For (XFF) HTTP header identifies the originating IP address of that client.
Updated 4 months ago