Whitelist & Blacklist Rules

A rule is made up of three parts:

Conditions – What to check (IP, country, region, ISP, user agent, referral URL).
Scope – Where to apply (Global, URL-specific).
Action – What happens if the conditions match (Allow, Block, Redirect).

Definition: Whitelist rules ensure that trusted visitors can always access your store, regardless of other blocking rules.

Use Cases:

Allow your own IP addresses (admin, staff).
Ensure VIP customers or business partners are never blocked.
Permit certain countries or ISPs where you operate.
Allow access to specific products or collections even under broader restrictions.

Supported Conditions:

Priority:

Whitelist rules override blacklist rules (trusted access always wins).
Exception: future fraud automations may allow overriding whitelist if an order is extremely risky.

Definition: Blacklist rules explicitly deny access to unwanted or high-risk visitors.

Use Cases:

Supported Conditions:

Actions:

Block → deny access with a block page.
Redirect → send visitor to a different page (e.g., “Not Available in Your Region”).

Whitelist is evaluated first. If a visitor matches whitelist conditions, they are always allowed.
If not on whitelist, the request is checked against blacklist rules.
If matched → Block or Redirect.
If no match → default action = Allow.

Whitelist: Always allow trusted visitors (IP, Geo, ISP, Product, Collection).
Blacklist: Explicitly deny risky or unwanted traffic.
Together, they provide precise control over who can view, browse, and order from your Shopify store.

Next: Content Protection Concepts

If you have any questions, feel free to contact us via Crisp Chat or email us at [email protected].