IP management
Manage IP policy in your organization with denylists, allowlists (trusted hosts), and source names:
Note
For denylists and allowlists, Contrast checks the Client Address
and the X-Forwarded-For
request headers to see if the IP addresses match the list entries.
IP denylist: Sets rules that let Contrast Protect block all IP addresses in this list
Using a denylist is appropriate for immediate triage until you can put a more permanent Protect policy in place or conduct an investigation.
IP allowlist: Marks trusted hosts conducting internal vulnerability scans as safe. Contrast doesn't show data for IP addresses in this list.
Entries in this list don't override entries in IP denylists
Contrast Assess features remain unaffected and continue to function as normal.
Contrast Protect ignores all IP addresses (or ranges) that match entries in this list. It does not monitor or block any attacks from IP addresses in the list.
Source name: Labels attack events caused by known sources, such as pen testers, based on one or more IP addresses or subnet masks.
When you view attacks in the Attacks > Monitor and Attack Details pages, Contrast displays the source name instead of the attacker's IP information. Displaying this value allows you to quickly identify and differentiate expected events from attack events that need your attention.