WAF IP Blocking
Learn how to customize the Vercel WAF to restrict access to certain IP addresses.You can create custom rules to block a specific IP address or multiple IP addresses by CIDR, effectively preventing unauthorized access or unwanted traffic. This security measure allows you to restrict access to your applications or websites based on the IP addresses of incoming requests.
Common use cases for IP blocking on Vercel include:
- Blocking known malicious IP addresses
- Preventing competitors or scrapers from accessing your content
In cases such as blocking based on complying with specific laws and regulations or to restrict access to or from a particular geographic area, we recommend using Custom Rules.
- You need to be a Developer or Viewer in the team to view the Firewall overview page and list the rules
- You need to be a Project administrator or Team member to configure, save and apply any rule and configuration
Project level IP Blocking is available on all plans
Those with the member, viewer, developer and administrator roles can access this feature
To block an IP address, navigate to the Firewall tab of your project and follow these steps:
- Select Configure on the top right of the Firewall overview page
- Scroll down to the IP Blocking section
- Select the + Add IP button
- Complete the required IP Address Or CIDR and Host fields in the Configure New Domain Protection modal
- The host is the domain name of the site you want to block the IP address from accessing. It should match the domain(s) associated with your project
- You can copy this value from the URL of the site you want to block without the
https
prefix - It must match the exact domain you want to block, for example
my-site.com
,www.my-site.com
ordocs.my-site.com
- You should add an entry for all subdomains that you wish block, such as
blog.my-site.com
anddocs.my-site.com
- Select the Create IP Block Rule button
- Apply the changes:
- When you make any change, you will see a Review Changes button appear or update on the top right with the number of changes requested
- Select Review Changes and review the changes to be applied
- Select Publish to apply the changes to your production deployment
Account-level IP Blocking is available on Enterprise plans
To block an IP address, you can create an IP Blocking rule in your dashboard:
- On your Team's dashboard, navigate to Settings and select the Security tab
- On the IP Blocking section, select Create New Rule to create a new rule set
- Add the IP address you want to block and the host you want to block it from. The host is the domain name of the site you want to block the IP address from accessing
- You can copy this value from the URL of the site you want to block without the
https
prefix - It must match the exact domain you want to block, for example
my-site.com
,www.my-site.com
ordocs.my-site.com
- You should add a separate entry for each subdomain that you wish to block, such as
blog.my-site.com
anddocs.my-site.com
- You can copy this value from the URL of the site you want to block without the
- Select the Create IP Block Rule button
Was this helpful?