IP Threat Feeds
EnterpriseProtect your application endpoints by automatically synchronizing blocklists from external IP threat feeds or custom corporate firewall lists.
How Threat Feeds Work
Rather than manually adding IP ranges to your firewall configuration, you can link external lists of malicious IPs or CIDRs. EdgeWrap pings these URLs hourly, compiles the lists, and updates the local edge firewalls automatically.
Dashboard Setup & Configuration
You can configure IP Threat Feeds directly inside the EdgeWrap Dashboard:
- Navigate to your project in the dashboard at
https://app.edgewrap.pro. - Go to the Security page and select the IP Threat Feeds tab.
- Click the Add Threat Feed button.
- Enter a feed name and select the feed type (such as Tor, VPN, proxy, botnets, or custom).
- Enter the public URL hosting the plaintext IP/CIDR block list.
- Configure the default action when a request matches the blocklist (such as block, challenge, or log).
- Click Save Feed to begin automated background synchronization.
API Configuration
Alternatively, you can manage your IP Threat Feeds programmatically:
| Param | Type | Description |
|---|---|---|
| feedName | string | A unique identifier name for the feed. |
| feedType | tor | proxy | vpn | botnet | custom | Type of IP threat feed classification. |
| customFeedUrl | string | The public URL hosting the plaintext IP/CIDR list (required for custom feeds). |
| action | block | challenge | log | Action to take when a client matches the feed: 'block', 'challenge', or 'log'.(default: block) |
| isEnabled | boolean | Whether the feed is active.(default: true) |
Add a threat feed to a project via API
curl -X POST https://server.edgewrap.pro/v1/projects/prj_01jxyz/threat-feeds \
-H "Authorization: Bearer <your_session_token>" \
-H "Content-Type: application/json" \
-d '{
"feedName": "Spamhaus IP Drop List",
"feedType": "custom",
"customFeedUrl": "https://www.spamhaus.org/drop/drop.txt",
"action": "block",
"isEnabled": true
}'Warning: Ensure your threat feed server returns a valid
text/plain content type. Lists exceeding 50,000 rules are truncated on Free/Standard tiers. Enterprise supports up to 1,000,000 IP/CIDR records.