Service StatusSupport Hub[email protected]
Documentation

Access Lists

Suggest Edits

Access Lists give you precise control over who can and cannot reach your applications. From blocking malicious proxies and anonymized botnets to allowing trusted infrastructure or internal tools, Access Lists provide real-time traffic filtering that is enforced instantly across our global edge.

Key Features

  • Flexible Controls: Allow, block, challenge, or log traffic based on IPs, CIDRs, ASNs, or entire countries.
  • Curated Threat Lists: Continuously updated feeds from leading reputation sources, available on Advanced, Business, and Enterprise plans.
  • Custom Lists: Create your own access policies with rules tailored to your exact needs, from trusted networks to high-risk regions.
  • Instant Enforcement: Rules propagate globally within seconds and are applied directly at the edge without adding latency or backend complexity.

Multi-layer Access Control

Access Lists combine curated intelligence with your own rules to deliver adaptive protection:

  • Curated threat feeds cover VPNs, Tor nodes, abusive datacenters, and active attack sources.
  • Custom rules allow you to define access logic for IPs, CIDRs, ASNs, or countries.
  • ASN-based filtering gives you broad control over provider networks to stop botnets hiding behind hosting providers.
  • Country-level rules make it easy to allow or block entire regions.

Access List Modes

Each Access List rule gives you full control over how Bunny Shield should handle matched traffic:

  • Allow: Ensure trusted traffic passes through without restriction.
  • Block: Drop malicious requests at the edge instantly.
  • Challenge: Trigger browser verification for suspicious traffic without blocking it outright.
  • Log: Record traffic patterns for analysis without applying enforcement.

Action Precedence

When multiple rules apply to the same request, Bunny Shield follows a defined order of precedence to ensure consistent results:

  1. Bypass: Always takes priority. Requests that match a Bypass rule skip further evaluation.
  2. Allow: Trusted traffic is passed through without restriction.
  3. Block: Requests are denied immediately if they match a block rule.
  4. Challenge: Suspicious requests are challenged if no higher-priority action applies.
  5. Log: If no other action matches, requests can be logged for monitoring and analysis.

This order ensures that trusted traffic is never blocked and that security actions are applied consistently across your rules.

Curated Threat Intelligence

Bunny Shield maintains a library of continuously updated reputation feeds that are deployed instantly across the edge. These feeds protect against evolving threats without manual upkeep:

  • Advanced: VPNs, common datacenters, Tor exit nodes, FireHOL Level 1, AbuseIPDB, NetMountains
  • Business: Includes all Advanced feeds plus Blocklist DE, ThreatFox, StopForumSpam, SpamHaus DROP, and more
  • Enterprise: Includes all Advanced and Business feeds with support for custom feed integrations tailored to your infrastructure


Custom Access Lists

Custom Access Lists give you complete control over your traffic:

  • Allow internal ASNs or office IP ranges
  • Block abusive regions during sensitive launches
  • Challenge suspicious networks while monitoring behavior
  • Apply unique lists to different zones or endpoints

All custom rules update globally within seconds.

Logging and Observability

Access Lists provide visibility into every decision, so you always know what is being allowed, blocked, or challenged:

  • Logged events: Requests matched by access rules without being blocked
  • Actioned events: Requests that were blocked or challenged
  • Curated feed hits: Requests flagged by built-in reputation lists


Configuring via API

Access Lists can be managed through the Bunny Shield API. This makes it simple to automate access policies, integrate with existing tools, or apply consistent controls across your infrastructure.

You can access the full API reference documentation here.

Updated 1 day ago