How does it work?

This criterion lets you match based on an IP address, a range of IP addresses, or a CIDR block. Use it to deny access to particular end users.


To use this criterion to match end-user IP addresses, apply it together with the Request Type match set to CLIENT_REQ.


You can select the following logical conditions:

Value The Rule is True When...
is one ofthe incoming request includes any of the IP addresses or CIDR blocks you provided.
is not one ofthe incoming request does not include any of the IP addresses or CIDR blocks you provided.


Enter the IP addresses and CIDR blocks in the text box provided. For example:

For a large number of values, you can paste the addresses and separate them with a space, comma, or carriage return.

Additional options

Consider X-Forwarded-For IP. You can select whether to use the client IP address from the connecting IP address or the X-Forwarded-For header value.

When a client connects to the edge platform using an HTTP proxy or a load balancer, the X-Forwarded-For (XFF) HTTP header identifies the originating IP address of that client.