IP Threat Feeds

Enterprise

Protect your application endpoints by automatically synchronizing blocklists from external IP threat feeds or custom corporate firewall lists.

How Threat Feeds Work

Rather than manually adding IP ranges to your firewall configuration, you can link external lists of malicious IPs or CIDRs. EdgeWrap fetches these URLs hourly, compiles the lists, and updates the local edge firewalls automatically.

Dashboard Setup & Configuration

You can configure IP Threat Feeds directly inside the EdgeWrap Dashboard:

  1. Navigate to your project in the dashboard at https://app.edgewrap.pro.
  2. Go to the Security page and select the IP Threat Feeds tab.
  3. Click the Add Threat Feed button.
  4. Enter a feed name and select the feed type (such as Tor, VPN, proxy, botnets, or custom).
  5. Enter the public URL hosting the plaintext IP/CIDR block list.
  6. Configure the default action when a request matches the blocklist (such as block, challenge, or log).
  7. Click Save Feed to begin automated background synchronization.

API Configuration

Alternatively, you can manage your IP Threat Feeds programmatically:

Param          Type                                  Description
feedName       string                                A unique name for the feed.
feedType       tor | proxy | vpn | botnet | custom   Type of IP threat feed classification.
customFeedUrl  string                                The public URL hosting the plaintext IP/CIDR list (required for custom feeds).
action         block | challenge | log               Action to take when a client matches the feed: 'block', 'challenge', or 'log'. (default: block)
isEnabled      boolean                               Whether the feed is active. (default: true)

Add a threat feed to a project via API
curl -X POST https://server.edgewrap.pro/v1/projects/prj_01jxyz/threat-feeds \
  -H "Authorization: Bearer <your_session_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "feedName": "Spamhaus IP Drop List",
    "feedType": "custom",
    "customFeedUrl": "https://www.spamhaus.org/drop/drop.txt",
    "action": "block",
    "isEnabled": true
  }'
Warning: Ensure your threat feed server returns a valid text/plain content type. Lists exceeding 50,000 rules are truncated on Free/Standard tiers. Enterprise supports up to 1,000,000 IP/CIDR records.
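
A pre-flight check for a custom feed before linking it, added here as an example and not EdgeWrap's own code: it parses the plaintext IP/CIDR list, checks the Content-Type and the rule limits from the warning above, and flags entries that overlap internal ranges. The '#' and ';' comment syntax, the function names and the tier keys are assumptions; this page does not document EdgeWrap's own parsing rules.

```python
import ipaddress

# Rule limits from the warning on this page (tier key names are assumptions).
TIER_LIMITS = {"free_standard": 50_000, "enterprise": 1_000_000}
# Internal ranges; a feed entry overlapping these could block your own traffic.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fc00::/7", "::1/128")]

def parse_feed(text):
    """Split a plaintext feed into valid networks and rejected lines.
    Assumption: '#' and ';' start comments, as in the Spamhaus DROP file."""
    nets, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append((lineno, entry))
    return nets, rejected

def audit_feed(text, content_type, tier="free_standard"):
    """Report problems that would make a feed unsafe or incomplete once linked."""
    nets, rejected = parse_feed(text)
    risky = [str(n) for n in nets
             if any(n.version == i.version and n.overlaps(i) for i in INTERNAL)]
    return {
        "content_type_ok": content_type.split(";")[0].strip().lower() == "text/plain",
        "rules": len(nets),
        "over_limit": max(0, len(nets) - TIER_LIMITS[tier]),
        "rejected": rejected,
        "overlaps_internal": risky,
    }

# Constructed sample feed (documentation ranges plus deliberate mistakes).
SAMPLE_FEED = """\
; constructed sample, not real threat data
192.0.2.0/24 ; SBL-placeholder
198.51.100.7
2001:db8::/32   # IPv6 entry
10.1.2.0/24
not-an-ip
203.0.113.5/33
"""

if __name__ == "__main__":
    print(audit_feed(SAMPLE_FEED, "text/plain; charset=utf-8"))
```

Any non-empty "rejected" or "overlaps_internal" list is worth resolving before the feed is saved with the block action, and a non-zero "over_limit" means part of the list will not be enforced on that tier.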