How-to
3 min read

WAF IP Blocking

Learn how to customize the Vercel WAF to restrict access to certain IP addresses.
Table of Contents

You can create custom rules to block a specific IP address or multiple IP addresses by CIDR, effectively preventing unauthorized access or unwanted traffic. This security measure allows you to restrict access to your applications or websites based on the IP addresses of incoming requests.

Common use cases for IP blocking on Vercel include:

  • Blocking known malicious IP addresses
  • Preventing competitors or scrapers from accessing your content

In cases such as blocking based on complying with specific laws and regulations or to restrict access to or from a particular geographic area, we recommend using Custom Rules.

Project level IP Blocking is available on all plans

Those with the member, viewer, developer and administrator roles can access this feature

To block an IP address, navigate to the Firewall tab of your project and follow these steps:

  1. Select Configure on the top right of the Firewall overview page
  2. Scroll down to the IP Blocking section
  3. Select the + Add IP button
  4. Complete the required IP Address Or CIDR and Host fields in the Configure New Domain Protection modal
    • The host is the domain name of the site you want to block the IP address from accessing. It should match the domain(s) associated with your project
    • You can copy this value from the URL of the site you want to block without the https prefix
    • It must match the exact domain you want to block, for example my-site.com, www.my-site.com or docs.my-site.com
    • You should add an entry for all subdomains that you wish block, such as blog.my-site.com and docs.my-site.com
  5. Select the Create IP Block Rule button
  6. Apply the changes:
    • When you make any change, you will see a Review Changes button appear or update on the top right with the number of changes requested
    • Select Review Changes and review the changes to be applied
    • Select Publish to apply the changes to your production deployment

Account-level IP Blocking is available on Enterprise plans

Those with the owner and member roles can access this feature

To block an IP address, you can create an IP Blocking rule in your dashboard:

  1. On your Team's dashboard, navigate to Settings and select the Security tab
  2. On the IP Blocking section, select Create New Rule to create a new rule set
  3. Add the IP address you want to block and the host you want to block it from. The host is the domain name of the site you want to block the IP address from accessing
    • You can copy this value from the URL of the site you want to block without the https prefix
    • It must match the exact domain you want to block, for example my-site.com, www.my-site.com or docs.my-site.com
    • You should add a separate entry for each subdomain that you wish to block, such as blog.my-site.com and docs.my-site.com
  4. Select the Create IP Block Rule button

Note: If you need Account-level IP blocking, contact us to discuss Enterprise.

Contact Sales
Last updated on June 21, 2024