Docs

Blocklist IP Endpoint

Overview

One of the most common uses of the WAF is to block and allow traffic based on specified IP addresses. 

Blocked IPs are referred to as being “blocklisted” and explicitly allowed IPs are referred to as “allowlisted”.

This API endpoint lets you list, add and remove IP addresses from your IP rules. 

Important Notes

This endpoint is designed for adding serial usage (for example: blocking bad IP addresses via a webhook). It is not recommended to make API requests in parallel as this can cause unexpected behavior.  

Both individual IP addresses and CIDR ranges are supported. For example, you can block a single IP like 192.34.55.78 or an entire /24 subnet like 10.0.0.0/24 or a /16 subnet like 10.0.0.0/16.

If you have a large list of IPs to be blocked please send it to support@expeditedsecurity.com and we will be happy to import it for you.

GET /api/blocklist_ips

Requests the current values in the IP Blocklist for the WAF instance.

Required Parameters

  • api_key - your API Key

Request Format

GET /api/blocklist_ips

Parameters

api_key=example-api-key

Response - HTTP 200 - application/json
[
	"70.161.42.62",
	"70.161.42.63",
	"70.0.0.0/24",
	"192.34.8.8",
	"192.34.55.44"
]

curl https://api.expeditedsecurity.com/api/blocklist_ips/?api_key=YOUR-API-KEY

POST /api/blocklist_ip

Adds a blocklisted IP to the WAF instance.

Required Parameters

  • api_key - your API Key
  • IP - the IP to be blocklisted

Request Format

POST /api/blocklist_ip

Form Parameters

api_key=YOUR-API-KEY&ip=192.293.93.44

Response - HTTP 200 - application/json
{
	"domain": "example.com",
	"success": true,
	"message": "IP address 192.34.55.78 blocklisted for 1 domain(s)."
}
Failed Response - HTTP 400 - application/json

If the IP operation is rejected (e.g., invalid IP format or IP already blocklisted), the endpoint returns HTTP 400 with an error message.

{
	"domain": "example.com",
	"success": false,
	"message": "<Error Message>"
}
Curl Formatted Example

curl -d "api_key=YOUR-API-KEY&ip=192.34.55.78" https://api.expeditedsecurity.com/api/blocklist_ip

DELETE /api/blocklist_ip

Removes a blocklisted IP from the WAF instance.

Required Parameters

  • api_key - your API Key
  • IP - the IP to be removed from the blocklist

Request Format

DELETE /api/blocklist_ip

Form Parameters

api_key=YOUR-API-KEY&ip=192.293.93.44

Response - HTTP 200 - application/json
{
	"domain": "sendcheckit.com",
	"success": true,
	"message": "The IP address 192.34.55.78 was removed from the blocklist for 1 domain(s)."
}
Failed Response - HTTP 400 - application/json

If the IP operation is rejected (e.g., IP not found in blocklist), the endpoint returns HTTP 400 with an error message.

{
	"domain": "example.com",
	"success": false,
	"message": "<Error Message>"
}
Curl Formatted Example
curl -X "DELETE" -d "api_key=YOUR-API-KEY&ip=192.34.55.78" https://api.expeditedsecurity.com/api/blocklist_ip

API Help

We’re happy to help you build whatever functionality you need with the API.

Please don’t hesitate to :

We are a team of developers and sysadmins who can help troubleshoot and debug whatever API interactions you need to create.