Auto-blocked IPs – Manage Automatically Blocked IP Addresses
Overview
The Auto-blocked IPs page displays all IP addresses that have been automatically blocked by Mideye Shield’s fraud score analysis. When an authentication request originates from an IP address with a fraud score at or above the configured block threshold, the IP is added to this list and all subsequent requests from it are immediately blocked for the configured expiration period.
Each blocked IP entry includes the originating IP address, its country code, the fraud score that triggered the block, the timestamp when the block was applied, and when it expires. Administrators can manually unblock IP addresses to restore access before the automatic expiration.
Access & Permissions
Required Role: ROOT, SUPER_ADMIN, or ADMIN (to unblock IPs)
Navigation: Home → Mideye Shield → Auto-blocked IPs
| Role | View Blocked IPs | Unblock IP |
|---|---|---|
| ROOT | ✅ | ✅ |
| SUPER_ADMIN | ✅ | ✅ |
| ADMIN | ✅ | ✅ |
| OPERATOR | ✅ | ❌ |
Features & Configuration
Viewing Blocked IP Addresses
The data grid displays all currently blocked IP addresses with their associated metadata.
| Column | Description |
|---|---|
| IP Address | The blocked IPv4 address |
| Blocked At | Timestamp when the IP was blocked (formatted in local time) |
| Expiration Time | When the block expires and the IP is automatically released (formatted in local time) |
| Country Code | Two-letter ISO country code of the IP’s geographic origin (or “N/A” if unknown) |
| Fraud Score | The numerical fraud score (0–100) that triggered the automatic block |
| Actions | Unblock button to manually release the IP |
Unblocking an IP Address
Each row includes an Unblock button that immediately removes the IP from the blocked list. Once unblocked, authentication requests from that IP are processed normally.
Exporting Blocked IP Data
Click the Export icon in the toolbar to access export options:
| Option | Description |
|---|---|
| Download as CSV | Exports all blocked IP data to a CSV file |
| Print | Opens the browser print dialog for the data grid |
Field Reference
| Field Name | Type | Required | Description |
|---|---|---|---|
| ipAddress | String | Yes | The blocked IPv4 address (unique) |
| blockedAt | LocalDateTime | Yes | When the block was applied |
| expirationTime | LocalDateTime | Yes | When the block automatically expires |
| countryCode | String | No | ISO 3166-1 alpha-2 country code |
| fraudScore | Integer | Yes | IP reputation score (0–100) that triggered the block |
Actions
Unblock IP
Purpose: Immediately remove an IP address from the block list.
Prerequisites: ADMIN role or higher.
Steps:
- Locate the IP address in the data grid.
- Click the Unblock button in the Actions column.
Result: The IP is removed from the blocked list and authentication requests from that IP are processed normally. A success notification is displayed.
Refresh
Purpose: Reload the blocked IP list from the server.
Steps: Click the Refresh (loop) icon in the toolbar.
Result: The data grid updates with the current blocked IP list.
Export
Purpose: Download the blocked IP data for offline analysis or reporting.
Steps:
- Click the Export (download) icon in the toolbar.
- Select “Download as CSV” or “Print”.
Result: CSV file is downloaded or print dialog opens.
Common Use Cases
Investigating a Blocked Legitimate User
- Review the blocked IP list and identify the IP address reported by the user.
- Check the fraud score — a moderate score (e.g., 60–75) may indicate a false positive.
- Click Unblock to immediately restore access.
- If the IP is frequently blocked, consider lowering the block threshold on the Configuration page or creating an ALLOW rule.
Monitoring Geographic Attack Patterns
- Review the Country Code column to identify countries with high concentrations of blocked IPs.
- Export the data to CSV for more detailed geographic analysis.
- Consider creating subnet-based static filter rules for known malicious IP ranges.
Reviewing Block Effectiveness
- Note the total number of blocked IPs.
- Check the Fraud Score distribution — consistent high scores (85+) indicate the threshold is well-calibrated.
- If many IPs have scores near the threshold, consider adjusting the threshold up (fewer blocks, fewer false positives) or down (more blocks, stricter security).
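The geographic and threshold reviews above can be run offline against the CSV export. The following is an added example, not part of the Mideye documentation or product: it assumes the export's header row uses the grid column names, and the block threshold of 75, the 5-point "near threshold" margin and the /24 grouping are illustrative choices.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample export; header names are assumed to match the grid columns.
SAMPLE_CSV = """IP Address,Blocked At,Expiration Time,Country Code,Fraud Score
203.0.113.10,2025-01-10 08:01:12,2025-01-11 08:01:12,NL,92
203.0.113.44,2025-01-10 08:03:40,2025-01-11 08:03:40,NL,88
203.0.113.200,2025-01-10 08:07:02,2025-01-11 08:07:02,NL,95
198.51.100.7,2025-01-10 09:15:30,2025-01-11 09:15:30,SE,76
192.0.2.55,2025-01-10 10:42:11,2025-01-11 10:42:11,N/A,78
"""


def summarize(csv_text, threshold, margin=5, high=85, min_cluster=3):
    """Summarize an exported block list for geographic and threshold review."""
    countries, subnets, scores = Counter(), Counter(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            ip = ipaddress.IPv4Address(row["IP Address"].strip())
            score = int(row["Fraud Score"])
        except (KeyError, ValueError, TypeError, AttributeError):
            continue  # skip rows with a missing or malformed IP or score
        scores.append(score)
        countries[(row.get("Country Code") or "N/A").strip()] += 1
        # Group by /24 to surface ranges that may merit a subnet-based rule.
        subnets[str(ipaddress.ip_network(f"{ip}/24", strict=False))] += 1
    n = len(scores)
    near = sum(threshold <= s < threshold + margin for s in scores)
    return {
        "total": n,
        "by_country": countries.most_common(),
        "near_threshold_share": near / n if n else 0.0,
        "high_share": sum(s >= high for s in scores) / n if n else 0.0,
        "subnet_clusters": {k: v for k, v in subnets.items() if v >= min_cluster},
    }


if __name__ == "__main__":
    # 75 is an assumed block threshold; use the value from the Configuration page.
    for key, value in summarize(SAMPLE_CSV, threshold=75).items():
        print(f"{key}: {value}")
```

A large `near_threshold_share` points to the threshold adjustment discussed above, while entries in `subnet_clusters` are candidates to examine before writing a subnet-based static filter rule.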
Troubleshooting
| Issue | Possible Cause | Resolution |
|---|---|---|
| Page is disabled / inaccessible | Air-gapped mode is enabled | Auto-blocking requires internet access for IP reputation scoring |
| No blocked IPs appear | Block threshold too high or shield disabled | Verify Mideye Shield is enabled and the block threshold is appropriate |
| Unblock button not visible | Insufficient permissions | Requires ADMIN role or higher |
| IP keeps getting re-blocked after unblock | Ongoing requests with high fraud score | Create a permanent ALLOW rule in Static Filter Rules |
| Country code shows “N/A” | Geographic data unavailable for the IP | Some IPs (private ranges, proxies) don’t have geographic data |
Related Pages
- Mideye Shield Configuration — Configure fraud score thresholds and block duration
- Static Filter Rules — Create permanent ALLOW or BLOCK rules for specific IPs or usernames
- Blocked Attempts — View all blocked authentication attempts including those from auto-blocked IPs
- Authentication Logs — Review authentication events and fraud scores