# Whitelist & Blacklist Rules ### 1. What is a Rule? A **rule** is made up of three parts: 1. **Conditions** – What to check (IP, country, region, ISP, user agent, refferal URL). 2. **Scope** – Where to apply (Global, URL-specific). 3. **Action** – What happens if the conditions match (Allow, Block, Redirect). *** ### 2. Whitelist **Definition:** Whitelist rules ensure that trusted visitors can always access your store, regardless of other blocking rules. **Use Cases:** * Allow your own IP addresses (admin, staff). * Ensure VIP customers or business partners are never blocked. * Permit certain countries or ISPs where you operate. * Allow access to specific products or collections even under broader restrictions. **Supported Conditions:** * IP address or range. * Country, region, or city. * ISP. * User agent, refferal URL **Priority:** * Whitelist rules override blacklist rules (trusted access always wins). * Exception: future fraud automations may allow overriding whitelist if an order is extremely risky. *** ### 3. Blacklist **Definition:** Blacklist rules explicitly deny access to unwanted or high-risk visitors. **Use Cases:** * Block IPs or IP ranges tied to malicious activity. * Block countries or regions where you do not sell or ship. * Block ISPs or hosting providers commonly used for proxies. * Block purchases of specific products/collections from certain regions. **Supported Conditions:** * IP address or range. * Country, region, or city. * ISP. **Actions:** * **Block** → deny access with a block page. * **Redirect** → send visitor to a different page (e.g., “Not Available in Your Region”). *** ### 4. Whitelist vs. Blacklist Logic * **Whitelist is evaluated first.** If a visitor matches whitelist conditions, they are always allowed. * If not on whitelist, the request is checked against blacklist rules. * If matched → Block or Redirect. * If no match → default action = Allow. *** ### Summary * **Whitelist**: Always allow trusted visitors (IP, Geo, ISP, Product, Collection). * **Blacklist**: Explicitly deny risky or unwanted traffic. * **Together**, they provide precise control over who can view, browse, and order from your Shopify store. *** 👉 Next: Content Protection Concepts If you have any questions, feel free to contact us via **Crisp Chat** or email us at [support@mida-app.io](mailto:support@mida-app.io?subject=%5BMIDA%20Support%5D%20Question%20about%20Fraud%20Score\&body=Hi%20MIDA%20Team%2C%0A%0AI%20have%20a%20question%20about%20the%20Fraud%20Score%20feature.%20Please%20assist%20me%20with%20the%20following%3A%0A%0A-%20Shop%20URL%3A%20%0A-%20Issue%20details%3A%20%0A%0AThank%20you!%0A%0A%2D%20Your%20Name). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.mida-app.io/mida-fraud-filter-ip-blocker/key-concepts/whitelist-blacklist-rules.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.