IP Filters are GeoDNS rules that can be applied to A, AAAA, CNAME, and ANAME records across multiple domains. You can assign filters by region, country, city, Autonomous System Network (ASN) numbers, or by /24 IPv4 and /120 IPv6 EDNS client subnets.
Note: Not all resolvers pass the EDNS client subnet in the header.
With IP filters applied to a domain, queries will be answered with the record that matches the criteria of the IP rule. If a request comes through that is not covered under a rule, it will be returned according to the World (default) setting.
Note: To use IP filters, you must first create a record of the same name and type with the World (default) setting.
Common Use Cases For Using IP Filter Rules
IP filters are most commonly used for segmenting and blocking traffic. For example, you can create an IP rule for your domain that you can use to segment traffic to users based on location. You can also block traffic from certain areas, by ASN, or subnets. This option will prevent filtered traffic from accessing your systems. This is especially beneficial for preventing DDoS attacks or managing unusual or suspicious traffic as queries are automatically dropped if they meet the criteria of the filter.
Note: GeoIP services must be enabled to use IP filters (see step 2).
- A domain has already been added to your Contellix account
- You have created or imported records for your domain
- You have all necessary IP, host, ASN, or IP/netmask information
How to Create an IP Rule in Constellix
1: Log in to the Constellix
In the Constellix dashboard, select your domain from the Recently Updated Domains list or search for the domain in the top-left search bar.
Note: Options available may vary depending on the current configurations set for your domain.
2. Enable GeoIP Services for Domain
Skip to step 3 if GeoIP services have already been enabled for your domain.
After selecting the domain that needs an IP filter rule, click on the green Advanced Settings button on the far right-hand side of the screen. Next, choose Enable GeoIP Services from the drop-down menu.
You will see a brief green confirmation message and will then be prompted to review and apply changes. Tap “click here” to commit the change. If you need help with this step, visit our Committing Changes in Constellix DNS tutorial.
Note: IP Filter rules supersede any Geo Proximity rules that are configured.
3. Select IP Filter
After enabling GeoIP services, click on Advanced in the left-hand menu in the Constellix dashboard and then select the option for IP Filter.
4. Add New IP Filter
Upon selecting IP Filter, you will be directed to the IP Filter area of the dashboard. The World (Default) setting will automatically be added to the list of filters.
To create a new one, click on the green + Add New IP Filter button on the far right-hand side of the screen.
5. Enter Filter Information
In the Add IP Filter pop-up window, enter the following information:
A. Name: Create a unique, easy-to-identify name for your filter (you will need this later when you apply it to a domain).
B. Filter rules Limit: This option allows you to set limits for the number of rules you can have for your domain. You can have up to 500 IP rules.
Note: Be aware that billing for IP rules is based on increments of 100 (1-100 rules are the same cost). We recommend setting this rule no higher than is needed, as it can be adjusted at any time.
C. Filter by Geographical Location: Filtering by location lets you choose a region, state, or city for your rule. Click on the bolded arrow beside the country name to see all available options.
Next, click on the city, state, or region you want to apply the filter to. Once you have highlighted an area, the Region button will turn dark gray; tap this button to add your selection to the User Rules section. Repeat until you have entered all locations that apply to this specific rule.
D. Filter by ASN: This option allows you to create a rule based on an ASN. Enter the ASN you wish to filter and then click the gray ASN→ button. This will add your selection to the User Rules section on the right. Repeat until you have entered all ASNs that apply to this specific rule.
E. Filter by IPv4 Address: Enter the IP or subnet (in CIDR notation) v4/netmask if you are filtering by IP and then click on the IPv4→ button to add the IP to User Rules.
F. Filter by IPv6 Address: Enter the IPv6/netmask if you are filtering by IP and then click on the IPv6→ button to add the IP to User Rules.
G. Save: Once you have added all of the rules for this filter, click the green Save button. After saving you will see a green success message on your screen and the rule will be added to your filter list.
6. Apply Filter to Domain
Once you have created all necessary filters, you will need to apply them to a domain before they take effect. If you need help with this step, visit our Apply IP Filter to a Domain guide, which will walk you through the steps.
Once you have applied the filter to your domain, be sure to review and commit changes.