An IP Address Management Policy (IPAM) defines a way of managing a list or pool of IP addresses in use by a network and its devices. In the web hosting industry, we’re typically referring to IPAM as a list of good, clean IP addresses that are to be permanently allowed (fka “white listed”) against a server or service -- or a list of dirty/bad IP addresses to be permanently denied (fka “black listed”) against a server or service.
Allow List
An allow list should consist of static IP addresses that are fully trusted, and that require extensive access to a server or service beyond what is publicly available. You might want to add an IP address to the allow list if, for example, it needs unfiltered access to a TCP port that is closed to the public, or perhaps to avoid a packet/request rate limit that is set against your server or service.
Remember, an allow list is designed to give complete, unfiltered and unrestricted access to your server or service, so this list should be propagated with great care. IP addresses on an allow list should be ‘fixed’ or ‘static’, denoting they are designated to your particular company, internet connection, or internet-facing server. Allow list IPs should not include:
- Spot/temporary cloud server instances
- CDN (Content Delivery Networks)
- A home or remote worker’s IP address
- A random list of IPs that “tech support” provided you
If you are facing temporary firewall or WAF-based block against your website, server or service, please contact tech support who can help you understand the cause of the block and provide a resolution. Please do not blindly add IP addresses into an allow policy!
Deny List
A deny list should consist of any IP addresses that are wholly untrusted and should not have access to your server or service. These may include misbehaving bots, heavy crawlers, business competitors, and common attack sources. A deny list will permanently disallow all connectivity to and from the IP addresses it lists.
It is easier and safer to deny an IP address from accessing your server or service than it is to allow it. After all, a denied IP address cannot access anything at all whereas an allowed IP address has full god-like access.
IPAM Format
We accept allow and deny lists as raw text file types. You can use any regular text file extension, but recommend you choose .txt for ease.
IP addresses should be in full IPv4 and/or IPv6 format, and should be added one address per line. You may include a prefix size via slash notation. You may prepend text comments or hints after each address within the same line, or on a new line. Comments should be prepended with the hash/pound symbol.
You may host a text file on a publicly accessible domain, eg www.mysite.com/ip-allow.txt, and we can automatically update this list against your server or service.
Please find an example IPAM file format below:
## My Allow List
1.1.1.1 # Cloudflare DNS
8.8.8.8/32
## Start of IP list 1
4.2.2.2
208.67.222.222
## End of IP list 2
192.168.0.0/24
