Allowlist IP Endpoint

Overview

One of the most common uses of the WAF is to block and allow traffic based on specified IP addresses. 

Blocked IPs are referred to as being “block listed” and explicitly allowed IPs are referred to as “allow listed”.

This API endpoint lets you list, add and remove IP addresses from your IP rules. 

Important Notes

This endpoint is designed for adding serial usage (for example: blocking bad IP addresses via a webhook). It is not recommended to make API requests in parallel as this can cause unexpected behavior.  

Both individual IP addresses and CIDR ranges are supported. For example, you can allowlist a single IP like 192.34.55.78 or a /24 subnet like 10.0.0.0/24 or a /16 subnet like 10.0.0.0/16.

If you have a large list of IPs to be allowed please send it to support@expeditedsecurity.com and we will be happy to import it for you.

GET /api/allowlist_ips

Requests the current values in the IP allowlist for the WAF instance.

Required Parameters

• api_key - your API Key

Request Format

GET /api/allowlist_ips

Parameters

api_key=example-api-key

Response - HTTP 200 - application/json

[	"70.161.42.62",	"70.161.42.63",	"70.0.0.0/24",	"192.34.8.8",	"192.34.55.44"]

curl https://api.expeditedsecurity.com/api/allowlist_ips/?api_key=YOUR-API-KEY

POST /api/allowlist_ip

Adds an allowlisted IP to the WAF instance.

Required Parameters

• api_key - your API Key
• IP - the IP to be allowlisted

Request Format

POST /api/allowlist_ip

Form Parameters

api_key=YOUR-API-KEY&ip=192.293.93.44

Response - HTTP 200 - application/json

{	"domain": "example.com",	"success": true,	"message": "IP address 192.34.55.78 allowlisted for 1 domain(s)."}

Failed Response - HTTP 400 - application/json

If the IP operation is rejected (e.g., invalid IP format or IP already allowlisted), the endpoint returns HTTP 400 with an error message.

{
	"domain": "example.com",
	"success": false,
	"message": "<Error Message>"
}

Curl Formatted Example

curl -d "api_key=YOUR-API-KEY&ip=192.34.55.78" https://api.expeditedsecurity.com/api/allowlist_ip

DELETE /api/allowlist_ip

Removes an allowlisted IP from the WAF instance.

Required Parameters

• api_key - your API Key
• IP - the IP to be removed from the allowlist

Request Format

DELETE /api/allowlist_ip

Form Parameters

api_key=YOUR-API-KEY&ip=192.293.93.44

Response - HTTP 200 - application/json

{	"domain": "sendcheckit.com",	"success": true,	"message": "The IP address 192.34.55.78 was removed from the allowlist for 1 domain(s)."}

Failed Response - HTTP 400 - application/json

If the IP operation is rejected (e.g., IP not found in allowlist), the endpoint returns HTTP 400 with an error message.

{
	"domain": "example.com",
	"success": false,
	"message": "<Error Message>"
}

Curl Formatted Example

curl -X "DELETE" -d "api_key=YOUR-API-KEY&ip=192.34.55.78" https://api.expeditedsecurity.com/api/allowlist_ip

API Help

We’re happy to help you build whatever functionality you need with the API.

Please don’t hesitate to :

• Contact us at support@expeditedsecurity.com
• Book a Call at https://app.harmonizely.com/expedited/30-min

We are a team of developers and sysadmins who can help troubleshoot and debug whatever API interactions you need to create.