Skip to main content

How to Create an IP Rule Override (Block or Ignore an IP)

Written by Salvador Aguilar

This guide shows you how to create a custom IP Rule Override so SmartWAF blocks or ignores traffic from a specific IP address, IP range, or CIDR block.

Overview

IP Rule Overrides let you tailor SmartWAF's behavior for a specific IP to fit your own scenario, on top of Monarx's standard detection:

  • BLOCK (blocklist) — SmartWAF denies traffic from this IP.

  • IGNORE (whitelist) — SmartWAF skips inspection/action for this IP, useful for known-good sources (e.g., internal scanners, trusted partners) that are triggering false positives.

Prerequisites

  • Access to app.monarx.com with permissions to manage IP rules.

  • The IP address, IP range, or CIDR block you want to override, and whether it should be blocked or ignored.

Steps

1. Identify the IP you want to override

Go to Network Activity and filter the data to find the IP address involved in the traffic you want to block or ignore. Confirm this is the correct address before creating a rule for it — a rule affects all matching traffic going forward.

2. Go to IP Management

Navigate to IP Management.

3. Click "+ New"

Click the + New button in the top right. This opens the New IP Rule panel.

4. Fill in the rule configuration

  • IP Address (required): Enter the address as IPv4, IPv6, or CIDR notation (e.g., a /24 to cover a range).

  • Action (required): Select BLOCK or IGNORE from the dropdown.

  • Agent / Host ID (optional): Scope the rule to a specific agent/host by pasting its Agent ID, or typing a hostname and selecting it from the results list. Leave this blank to apply the rule to all servers in your enterprise.

  • Notes: Not required, but recommended — use it to record why the rule was created, such as a Slack thread link or a ticket ID, so the reasoning is documented for anyone reviewing the rule later.

Full size preview

5. Submit

Click Submit to save the rule.

⌛ Propagation Time

Allow up to 20 minutes for the new rule to propagate to all agents before it takes effect.

🔍 Verify It Worked

After propagation, check Network Activity for traffic from that IP to confirm it's now being blocked or ignored as expected. You can also revisit IP Management to confirm the rule is listed with the correct IP, action, and scope.

Common Issues

  • Rule doesn't seem to be working yet: Confirm at least 20 minutes have passed since submission.

  • Rule only affecting some servers: Check whether an Agent/Host ID was set — if so, the rule only applies to that specific agent, not the whole enterprise.

  • Wrong IP blocked/ignored: Edit or remove the rule from IP Management and recreate it with the correct address or CIDR range.

Still Having Issues?

Contact Monarx support via live chat if the rule isn't behaving as expected after propagation.

Did this answer your question?