We have a requirement to whitelist the range of IP addresses from WAF) below:
199.83.128.0/21
198.143.32.0/19
149.126.72.0/21
103.28.248.0/22
45.64.64.0/22
185.11.124.0/22
192.230.64.0/18
More detail:
https://incapsula.zendesk.com/hc/en-us/articles/200627570-Restricting-direct-access-to-your-website-Incapsula-s-IP-addresses-
And I'm using .net ipSecurity section. But haven't found any example of how to add the above ip addresess without having to add ALL ip addresses.
e.g.
<ipSecurity allowUnlisted="false">
<!-- this line blocks everybody, except those listed below -->
<clear/>
<add ipAddress="xx.xx.xx.xx" allowed="true"/>
</ipSecurity>
I'm newbie on subnet mask.
Is there an elegant way to implement this?
Click IP Address Manager > IP Addresses > Manage Subnets & IP Addresses. In the network tree pane on the left, click the subnet to which you want to add your new IP address range. Click Add IP Range. Enter the starting IP address and the ending IP address of your IP address range.
In 199.83.128.0/21, 21 is the CIDR format of the subnet mask. You can use a conversion table to convert the CIDR format to an IP address.
Then set your IPSecurity to deny all except the specified IP addresses. I.e.:
<security>
<ipSecurity allowUnlisted="false">
<add allowed="true" ipAddress="199.83.128.0" subnetMask="255.255.255.240"/>
[add additional ip addresses here]
</ipSecurity>
</security>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With