By default, Sucuri Firewall will restrict access to your admin pages (e.g.
/admin) so that only authorized IP’s can log in. That way, if your user accounts are ever compromised, your site will still be safe.
To authorize an IP to log in to your site, you will need to whitelist them in your dashboard. If you are getting the following error when trying to access your site, you need to whitelist your own IP.
Block ID: IPB17
Block reason: Your request was not allowed due to IP blocking (not white listed).
Whitelisting IPs using the dashboard
Whitelisting IPs is very simple and there are two ways of doing this.
- Click here, select the desired website firewall and enter your current IP address under the Allow IP Addresses section.
- Click on Allow to whitelist your IP address once you have typed it into the box.
Whitelisting IPs using the API
- Click here, select the desired website firewall and to go to your API settings section, then click on the Allow IP green button in the Quick Links section.
That will automatically whitelist your IP address. You can bookmark that link and share with other administrators of your site to allow them access. Any time they get blocked, all they need to do is visit that link to allow them back in.
Whitelisting IP Ranges
Unless it is absolutely necessary, this isn’t recommended due to the security risks involved with whitelisting too many IP addresses.
You can whitelist subnets by adding IP addresses using the CIDR (Classless Inter-Domain Routing) format.
Let’s say you want to whitelist all IP addresses from
18.104.22.168, then you just need to whitelist the
22.214.171.124/24 range. If you want to whitelist all IP addresses from
126.96.36.199, you would need to whitelist
At this time, you can only whitelist /24, /16 or /8 ranges.
Disabling admin panel restriction
- Click the link here and select the desired website firewall.
- Under the Advanced Security Options uncheck the Admin panel restricted to only Whitelisted IP addresses option and click on Proceed.
This will turn off this option and allow anyone to access the administrator login pages.