IP Firewall

As a business owner, maintaining a secure website is a top priority. Volusion provides a secure, stable hosting platform and ecommerce environment so your customers can shop with confidence. You can fine-tune your security settings from your Admin Area with the IP Firewall page.

The IP Firewall page allows you to control incoming traffic to your storefront and your Admin Area. You can also configure the system to allow a maximum number of transactions for visitors to the site. Below are some tips for using this tool as well as some scenarios where you may want to use the IP Firewall settings.

Contents

Creating an IP Security Rule

To access the IP Firewall page, go to Settings > IP Firewall. From here, you can view and manage your existing IP security rules. To create a new IP security rule, click the Add button at the top of the page.

The IP security rules settings are as follows:

IP Address Security Rules

ID

This field contains an ID number to identify each security rule. This is auto-generated for each new rule.

IP Range Begin*

Enter the IP address or the start of the range of addresses you want to block or allow access to your store.

IP Range End

If defining a range of IP addresses to add or block from the system, enter the last IP address within the range you want to allow or block. Otherwise, leave this field blank.

Allow or Block*

Choose to allow or block access to the IP address or address range you define for the rule.

Applies to Admin Area Only

Enabling this checkbox will configure the IP rule to only block or allow access to the Admin Area – access to the storefront will not be affected by the IP rule.

If you do not enable this option, the IP rule will apply to both the Admin Area and the storefront.

Note that if you're attempting to block an IP range from the Admin Area only, you should also enable the Block IP Addresses to Admin option. See Additional IP Security Rules Settings section for more information.

 
*These fields are required for each IP security rule.
 

Note

Your IP security rules will only become active once you enable the Enable IP Address Security Rules On Frontend option. To enable this option from the IP Firewall page, click the three-dot actions menu icon, and select IP Firewall Settings.

Additional IP Security Rules Settings

In addition to the IP security rules, there are also some advanced settings you can configure:

  1. Go to Settings > IP Firewall.
  2. Click the three-dot actions menu icon and select IP Firewall Settings.
  3. After configuring these settings as needed, click the Save button within the dialog box.

The advanced IP security settings are as follows:

IP Firewall Settings

Block IP Addresses to Admin

Enabling this option will block all incoming traffic to your Admin Area, except from the specific IP addresses you allow by creating IP Security Rules. If you enable this option, be sure to also create a rule that allows your own IP address (see Special Settings and Tips section for more information).

Visitors attempting to log in to this portion of the site will see an Access Denied message.

Enable IP Address Security Rules On Frontend

By default, even though IP rules are set up within the table to block access to the storefront, settings are not active unless this option is enabled. Conversely, disabling this option disables all IP security rules for the storefront.  

Max Orders Per Day Per IP

Here, you can set the maximum number of orders that can be made from an individual IP address during the course of 24 hours. By default, the value is set to 20.

The purpose of this setting is to prevent credit account hunting. In this case, a person or program attempting credit fraud will use an online store to attempt to process repeated bogus orders from a shopping cart in order to test the validity of a series of credit card numbers they have obtained. Once a successful credit card order has been made, the individual will then know they have obtained a working credit card account.

This setting will automatically block store access to a visitor for 24 hours when the limit to the number of failed transactions has been reached. You can set this value to be as lenient or strict as they see fit.

Special Settings and Tips

There are many reasons for implementing IP security rules. The following are a few examples of why and how to use this powerful tool within Volusion.

Restricting Access to Your Admin Area

If the login information to your store’s Admin Area becomes compromised, there are a few steps you can take (in addition to changing passwords and purging certain administrator accounts):

  1. Go to Settings > IP Firewall.
  2. Click Add.
  3. Near the top of the screen, you'll see the current IP address your local computer system is connecting to Volusion through.

If your workstation has a static IP address that does not change, you only need to know this single IP address. If your workstation has a dynamic IP – a range of addresses that are assigned to the workstation that change over time – you'll need to know the range of the IP.

You'll also need to know the IP address or range of any other workstation you will be connecting to the Admin Area with (for example, a computer or laptop at home).

If you are using the Sell on eBay feature of Volusion, you must include 69.36.81.6 as an allowed IP address.

  1. Set the IP or IP range within the IP Range Begin / End fields as needed.
  2. Set the Allow Or Block menu to Allow.
  3. Click Save.
  4. Click the three-dot actions menu icon and select IP Firewall Settings.
  5. Select the Block IP Addresses To Admin option and click Save.

The firewall will now block any attempt to access the Admin Area except for the IP address or ranges defined in the preceding steps.

Note

Volusion technical support may need access to your store’s Admin Area at times when assisting you with technical issues. Please keep this in mind when contacting Volusion support if this type of IP block is in use.

Restricting Access to Your Storefront

If it ever becomes necessary for you to block a specific customer or IP address from accessing your website, your store keeps a record of all customer IP addresses in several places:

  • Each order (declined or accepted) records the IP address of the client who generated the order.
  • The abandoned cart feature can track the IP addresses of visitors.

Once obtained, you can block an unwanted visitor to your store by doing the following:

  1. Go to Settings > IP Firewall.
  2. Click Add.
  3. Set the IP or IP range as needed.
  4. Set the Allow Or Block menu to Block.
  5. Click Save.
  6. Click the three-dot actions menu icon and select IP Firewall Settings.
  7. Select Enable IP Address Security Rules on Frontend and click Save.

Note

The IP Firewall functionality blocks access to .asp pages on your Volusion store, including default.asp (home page), searchresults.asp, shoppingcart.asp, and any product, category, and article pages (including SEO-friendly versions of those URLs). The IP Firewall feature does not block access to images, CSS, javascript, and any custom ASP or HTML files you've added to your store, should they be accessed through a direct link.

Granting Storefront Access to Blocked Customers

At times, you may need to grant access to blocked customers – for example, if you’ve created an IP block for a range of IP addresses and later realize that a legitimate customer has placed several orders with your store from an IP address that falls within this range.

In this case, the existing IP rule prevents fraudulent customers from entering your store, but inadvertently blocks a legitimate customer as well. You will want to maintain the existing IP block but make an allowance for this one customer. Here’s how:

  1. Go to Settings > IP Firewall and click Add.
  2. Set the IP address within the IP Range Begin field to the valid customer’s address and leave the IP Range End blank.
  3. Set the Allow or Block menu list to Allow.
  4. Click Save.
  5. Click the three-dot actions menu icon and select IP Firewall Settings.
  6. Make sure the Enable IP Address Security Rules on the Frontend option is selected.
  7. Click Save.

Finished! The legitimate customer will now have access to your storefront. 

Summary

The internet has opened the world to global markets and changed the way people do business. Volusion provides a stable ecommerce platform that provides a secure shopping environment so you and your customers can conduct business with confidence.