DigiCert KnowledgeBase - Technical Support-hero

Knowledge Base

Block Traffic With IP Filters

Solution ID : SO253
Last Modified : 10/21/2023

IP filters are a part of our GeoDNS suite. Filters allow you to optimize your traffic with custom geographic-based rules, thus providing you with more control over your domain. In this tutorial, we will demonstrate how to configure IP filter rules to block segments of traffic. In this example, we will be using an A Record, but the same steps would apply if using AAAA, CNAME, or ANAME records as well.

Common Use Case for Using IP Filter Rules to Block Traffic

In Constellix, you have the ability to block traffic by location, ASN, or IPv4 and IPv6 subnets. This is especially useful for stopping DDoS attacks or managing suspicious or malicious activity as the traffic will be unable to access your systems. When an IP Filter is applied to a record with the intent to block traffic, our nameservers will automatically drop queries from any requests that match the rule criteria.


How to Block Traffic With IP Filters

1. Log in to the Constellix 

In the Constellix dashboard, select your domain from the Recently Updated Domains list or search for the domain in the top-left search bar.

2. Edit or Create a Record that the IP Filter Will Be Applied To

Select the A record you want to apply the IP filter to and click the gray edit icon (or click the green + button if creating a new record).

3. Select Filter Rule

In the Edit A Record pop-up window, click on the IP Filter option and select the appropriate filter. Remember, you should have already created a record of the same type that has World (Default) settings applied to it. 

If you are creating a new record, be sure to fill out the Name and TTL values before moving on to the next step (IP information is unnecessary as we are configuring the filter to block traffic).

4. Configure Filter to Block Traffic

Next, tick the checkbox beside the Drop Query for the Selected IP Filter option. As you will see, once you choose this option, the Standard IP section is no longer available. 

Any queries that match this filter’s criteria will now be dropped and unable to access your system. Make any notes pertaining to this record and filter (optional), and then select Save and Close to complete the configuration. 

5. Commit Changes

After saving, you will be prompted to review and apply changes. 

Tap “click here” to commit the change. If you need help with this step, visit our Committing Changes in Constellix DNS tutorial.