Skip to content

Commit c400c93

Browse files
authored
Document Community IP blocklist criteria and expiry (#48)
Expand the Community IP Blocklist module docs with when an IP is added (25+ network-wide firewall hits in the trailing month), the whitelisting safeguards that prevent false positives, and the ~30-day expiry behaviour. Add a "Read more" link from the site protection overview to the detailed page.
1 parent 98d176e commit c400c93

2 files changed

Lines changed: 19 additions & 1 deletion

File tree

src/content/docs/Patchstack App/Protection/patchstack-modules.md

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -48,3 +48,20 @@ These protection rules could cause false positives with remote WordPress managem
4848
### Community IP Blocklist
4949

5050
Community IP blocklist blocks access to IP addresses which are known to exploit vulnerabilities. This module contributes threat data back to the Patchstack network.
51+
52+
**When an IP is added**
53+
54+
The blocklist is built from firewall activity across the entire Patchstack network, not from any single site. An IP address is added when it triggers Patchstack's firewall rules **25 or more times within the past month** across all protected sites. Because the list is shared, once an IP passes that threshold it is blocked on every site that has the Community IP blocklist module enabled.
55+
56+
**Safeguards against false positives**
57+
58+
To avoid blocking legitimate traffic, several categories of IP address are automatically excluded from the blocklist, including:
59+
60+
- Private and reserved IP ranges
61+
- Patchstack's own infrastructure and scanning IPs
62+
- Major search engine crawlers (such as Google and Bing)
63+
- Well-known content delivery networks and monitoring services
64+
65+
**How long an IP stays on the list**
66+
67+
Entries are not permanent. The blocklist is rebuilt regularly from recent activity, so an IP that stops triggering firewall rules automatically drops off once it no longer meets the threshold within the trailing one-month window — roughly **30 days** after its last malicious activity.

src/content/docs/Patchstack App/Site Dashboard/Protection/app-protection-overview.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,8 @@ The **Advanced hardening** module applies additional security mechanics to the W
3838

3939
### Community IP blocklist
4040

41-
Community IP blocklist blocks access to IP addresses which are known to exploit vulnerabilities. This module contributes threat data back to the Patchstack network.
41+
Community IP blocklist blocks access to IP addresses which are known to exploit vulnerabilities. This module contributes threat data back to the Patchstack network.
42+
<a href="/patchstack-app/protection/patchstack-modules/#community-ip-blocklist" target="_blank">📖 Read more </a>
4243

4344
## Activity section
4445

0 commit comments

Comments
 (0)