The global IP blacklist feed, based on threat intelligence, identifies untrustworthy IP addresses that are used in attacks. It’s a great way to protect your web site and email inboxes.

The IP addresses in the global blacklist feed are based on reputation and behavior, not just country of origin. Using this kind of behavior-based threat intelligence with blacklists improves detection of evasive threats by recognizing patterns that attackers use to avoid traditional WAF rules. Prophaze elevates traditional IP blacklisting by combining it with real-time AI-driven threat intelligence. Its platform dynamically updates blacklists based on global attack patterns and user behavior, reducing manual intervention and minimizing false positives.

Global IP Blacklist Feed: Protecting Networks from High-Risk Addresses

A global IP intelligence policy combines feed lists, default actions, and logging settings into a container that you can apply to a virtual server or route domain. The policies can be created on either the application or the BIG-IP device level. When a policy contains both a default setting and an IP Intelligence feed list or category, the more specific setting takes precedence.

To configure an IP intelligence policy, in the Configuration menu, select Security > Network Firewall > IP Intelligence > Feed Lists. Create a new feed list by specifying the name, a polling interval (in seconds), and a blacklist category.

You can add single IP addresses, Fully Qualified Domain Names (FQDNs), or geographical locations to the blacklist categories. You can also define policy-based responses for the different types of blacklist categories so that you can provide unique responses to specific kinds of addresses, based on what they do or don’t do.