Introduction
This section demonstrates the usage of EvoShield IP whitelists to enhance the security of your server and applications. This feature is available with all EvoShield Remote DDoS Protection services as well as VPS and VDS hosting plans protected by EvoShield.
What can the EvoShield IP whitelist system be used for?
All EvoShield tunnels and IPs protected by EvoShield include an IP address whitelist. EvoShield will accept all traffic from whitelisted IPs, even if the traffic would otherwise be blocked by an EvoShield rule, or if the traffic is destined for a closed port.
Example use cases include:
- Securing SSH/Remote Desktop or other applications that don't need to be publicly accessible, so that only specified IPs can connect to those ports.
- Reducing the available attack surface for DDoS attacks and malicious exploitation of software vulnerabilities.
- Whitelisting the IP of MySQL (or other database) client devices for enhanced security.
- Whitelisting IPs that should be allowed to connect to private development/test servers.
- Securing your POP3/IMAP servers with a whitelist of email client IP addresses.
- Hiding ports of private applications such as a private VPN server.
Configuration
To add IPs to your EvoShield whitelist, first click the “Edit IP Whitelist” button:
The IP whitelist management dialogue will then be displayed:
This dialogue can be used to add, remove and edit whitelist IPs.
After adding the IPs that you would like to whitelist, click Save and the changes will take effect immediately:
The number of IPs whitelisted will then be displayed below the list of active EvoShield profiles:
Summary
The whitelisted IPs will now be able to communicate with all ports/applications on your server, even if there aren't any EvoShield profiles setup and the Block inbound traffic that doesn't match a rule option is enabled.
You can return to the EvoShield IP Whitelist management area at any time to modify the IP whitelist for a specific EvoShield Remote DDoS Protection tunnel or EvoShield protected VPS/VDS IP.
Whitelisted IPs will remain in the list unless they are removed via the control panel or API.
Whitelist API
If you would like to whitelist a large number of IPs, automate the whitelist management or integrate the whitelist system with an external application/interface, the EvoShield API can be used to achieve this.
View the EvoShield API documentation for more information.
Get EvoShield Remote DDoS Protection