WAF IP Blocking

Learn how to customize the Vercel WAF to restrict access to certain IP addresses.

Table of Contents

You can create custom rules to block a specific IP address or multiple IP addresses by CIDR, effectively preventing unauthorized access or unwanted traffic. This security measure allows you to restrict access to your applications or websites based on the IP addresses of incoming requests.

Common use cases for IP blocking on Vercel include:

Blocking known malicious IP addresses
Preventing competitors or scrapers from accessing your content

In cases such as blocking based on complying with specific laws and regulations or to restrict access to or from a particular geographic area, we recommend using Custom Rules.

Access roles

You need to be a Developer or Viewer in the team to view the Firewall overview page and list the rules
You need to be a Project administrator or Team member to configure, save and apply any rule and configuration

Project level IP Blocking

Project level IP Blocking is available on all plans

Those with the member, viewer, developer and administrator roles can access this feature

To block an IP address, navigate to the Firewall tab of your project and follow these steps:

Select Configure on the top right of the Firewall overview page
Scroll down to the IP Blocking section
Select the + Add IP button
Complete the required IP Address Or CIDR and Host fields in the Configure New Domain Protection modal
- The host is the domain name of the site you want to block the IP address from accessing. It should match the domain(s) associated with your project
- You can copy this value from the URL of the site you want to block without the https prefix
- It must match the exact domain you want to block, for example my-site.com, www.my-site.com or docs.my-site.com
- You should add an entry for all subdomains that you wish block, such as blog.my-site.com and docs.my-site.com
Select the Create IP Block Rule button
Apply the changes:
- When you make any change, you will see a Review Changes button appear or update on the top right with the number of changes requested
- Select Review Changes and review the changes to be applied
- Select Publish to apply the changes to your production deployment

Account-level IP Blocking

Account-level IP Blocking is available on Enterprise plans

Those with the owner and member roles can access this feature

How to add an IP block rule

To block an IP address, you can create an IP Blocking rule in your dashboard:

On your Team's dashboard, navigate to Settings and select the Security tab
On the IP Blocking section, select Create New Rule to create a new rule set
Add the IP address you want to block and the host you want to block it from. The host is the domain name of the site you want to block the IP address from accessing
- You can copy this value from the URL of the site you want to block without the https prefix
- It must match the exact domain you want to block, for example my-site.com, www.my-site.com or docs.my-site.com
- You should add a separate entry for each subdomain that you wish to block, such as blog.my-site.com and docs.my-site.com
Select the Create IP Block Rule button

Note: If you need Account-level IP blocking, contact us to discuss Enterprise.

Contact Sales

Last updated on July 27, 2024

Web Application Firewall

Custom Rules

Was this helpful?