Whitelist & Blacklist Rules

In MIDA Fraud IP Blocker, rules are the foundation of access control. Two of the most important rule types are Whitelist and Blacklist, which define who is always allowed and who is explicitly denied.

1. What is a Rule?

A rule is made up of three parts:

  1. Conditions – What to check (IP, country, region, ISP, user agent, referral URL).

  2. Scope – Where to apply (Global, URL-specific).

  3. Action – What happens if the conditions match (Allow, Block, Redirect).


2. Whitelist

Definition: Whitelist rules ensure that trusted visitors can always access your store, regardless of other blocking rules.

Use Cases:

  • Allow your own IP addresses (admin, staff).

  • Ensure VIP customers or business partners are never blocked.

  • Permit certain countries or ISPs where you operate.

  • Allow access to specific products or collections even under broader restrictions.

Supported Conditions:

  • IP address or range.

  • Country, region, or city.

  • ISP.

  • User agent, referral URL.

Priority:

  • Whitelist rules override blacklist rules (trusted access always wins).

  • Exception: future fraud automations may allow overriding the whitelist when an order is extremely risky.


3. Blacklist

Definition: Blacklist rules explicitly deny access to unwanted or high-risk visitors.

Use Cases:

  • Block IPs or IP ranges tied to malicious activity.

  • Block countries or regions where you do not sell or ship.

  • Block ISPs or hosting providers commonly used for proxies.

  • Block purchases of specific products/collections from certain regions.

Supported Conditions:

  • IP address or range.

  • Country, region, or city.

  • ISP.

Actions:

  • Block → deny access with a block page.

  • Redirect → send visitor to a different page (e.g., “Not Available in Your Region”).


4. Whitelist vs. Blacklist Logic

  • Whitelist is evaluated first. If a visitor matches whitelist conditions, they are always allowed.

  • If not on whitelist, the request is checked against blacklist rules.

  • If matched → Block or Redirect.

  • If no match → default action = Allow.
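
The evaluation order above, written out as an added Python example (this is not MIDA's own code). The `Rule` fields, the AND-matching of conditions inside one rule, the path-prefix form of URL scope, and the sample rules are all assumptions made for illustration. It also shows a consequence of the ordering: a broad whitelist condition such as country allows a visitor whose IP sits in a blacklisted range.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    kind: str                # "whitelist" or "blacklist"
    conditions: dict         # e.g. {"ip": "203.0.113.0/24"} or {"country": "US"}
    action: str = "allow"    # blacklist rules use "block" or "redirect"
    scope: str = "global"    # "global", or a URL path prefix (assumed form)

def matches(rule, visitor):
    # Scope check: a URL-specific rule only applies under its path prefix.
    if rule.scope != "global" and not visitor["path"].startswith(rule.scope):
        return False
    # Assumption: all conditions in one rule must match (logical AND).
    for key, wanted in rule.conditions.items():
        if key == "ip":
            addr = ipaddress.ip_address(visitor["ip"])
            if addr not in ipaddress.ip_network(wanted):
                return False
        elif visitor.get(key) != wanted:
            return False
    return True

def evaluate(rules, visitor):
    """Return (action, matched_rule): whitelist first, then blacklist."""
    for rule in rules:
        if rule.kind == "whitelist" and matches(rule, visitor):
            return "allow", rule
    for rule in rules:
        if rule.kind == "blacklist" and matches(rule, visitor):
            return rule.action, rule
    return "allow", None     # no match: default action is Allow

# Constructed sample rules (documentation IP ranges; "ZZ" is a placeholder country).
RULES = [
    Rule("whitelist", {"ip": "198.51.100.10"}),                # staff IP
    Rule("whitelist", {"country": "US"}),                      # operating country
    Rule("blacklist", {"ip": "203.0.113.0/24"}, "block"),      # abusive range
    Rule("blacklist", {"country": "ZZ"}, "redirect", "/products/limited"),
]

def decide(ip, country, path="/"):
    return evaluate(RULES, {"ip": ip, "country": country, "path": path})[0]

if __name__ == "__main__":
    print(decide("203.0.113.7", "FR"))                     # block
    print(decide("203.0.113.7", "US"))                     # allow: country whitelist wins
    print(decide("192.0.2.5", "ZZ", "/products/limited"))  # redirect
    print(decide("192.0.2.5", "ZZ"))                       # allow (default)
```

Because the country whitelist matches first, the blacklisted range never applies to visitors geolocated to that country, so whitelist conditions are best kept as narrow as the trust they express.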


Summary

  • Whitelist: Always allow trusted visitors (IP, Geo, ISP, Product, Collection).

  • Blacklist: Explicitly deny risky or unwanted traffic.

  • Together, they provide precise control over who can view, browse, and order from your Shopify store.



If you have any questions, feel free to contact us via Crisp Chat or email us at [email protected].
