Skip to content

Auto-blocked IPs – Manage Automatically Blocked IP Addresses

The Auto-blocked IPs page displays all IP addresses that have been automatically blocked by Mideye Shield's fraud score analysis. When an authentication request originates from an IP address with a fraud score at or above the configured block threshold, the IP is added to this list and all subsequent requests from it are immediately blocked for the configured expiration period.

Each blocked IP entry includes the originating IP address, its country code, the fraud score that triggered the block, the timestamp when the block was applied, and when it expires. Administrators can manually unblock IP addresses to restore access before the automatic expiration.

Required Role: ROOT, SUPER_ADMIN, or ADMIN (to unblock IPs)

Navigation: Home → Mideye Shield → Auto-blocked IPs

| Role | View Blocked IPs | Unblock IP | |------|-----------------|------------| | ROOT | ✅ | ✅ | | SUPER_ADMIN | ✅ | ✅ | | ADMIN | ✅ | ✅ | | OPERATOR | ✅ | ❌ |

The data grid displays all currently blocked IP addresses with their associated metadata.

| Column | Description | |--------|-------------| | IP Address | The blocked IPv4 address | | Blocked At | Timestamp when the IP was blocked (formatted in local time) | | Expiration Time | When the block expires and the IP is automatically released (formatted in local time) | | Country Code | Two-letter ISO country code of the IP's geographic origin (or "N/A" if unknown) | | Fraud Score | The numerical fraud score (0–100) that triggered the automatic block | | Actions | Unblock button to manually release the IP |

Each row includes an Unblock button that immediately removes the IP from the blocked list. Once unblocked, authentication requests from that IP are processed normally.

Click the Export icon in the toolbar to access export options:

| Option | Description | |--------|-------------| | Download as CSV | Exports all blocked IP data to a CSV file | | Print | Opens the browser print dialog for the data grid |

| Field Name | Type | Required | Description | |------------|------|----------|-------------| | ipAddress | String | Yes | The blocked IPv4 address (unique) | | blockedAt | LocalDateTime | Yes | When the block was applied | | expirationTime | LocalDateTime | Yes | When the block automatically expires | | countryCode | String | No | ISO 3166-1 alpha-2 country code | | fraudScore | Integer | Yes | IP reputation score (0–100) that triggered the block |

Purpose: Immediately remove an IP address from the block list. Prerequisites: ADMIN role or higher. Steps:

  1. Locate the IP address in the data grid.
  2. Click the Unblock button in the Actions column.

Result: The IP is removed from the blocked list and authentication requests from that IP are processed normally. A success notification is displayed.

Purpose: Reload the blocked IP list from the server. Steps: Click the Refresh (loop) icon in the toolbar. Result: The data grid updates with the current blocked IP list.

Purpose: Download the blocked IP data for offline analysis or reporting. Steps:

  1. Click the Export (download) icon in the toolbar.
  2. Select "Download as CSV" or "Print".

Result: CSV file is downloaded or print dialog opens.

  1. Review the blocked IP list and identify the IP address reported by the user.
  2. Check the fraud score — a moderate score (e.g., 60–75) may indicate a false positive.
  3. Click Unblock to immediately restore access.
  4. If the IP is frequently blocked, consider lowering the block threshold on the Configuration page or creating an ALLOW rule.
  1. Review the Country Code column to identify countries with high concentrations of blocked IPs.
  2. Export the data to CSV for more detailed geographic analysis.
  3. Consider creating subnet-based static filter rules for known malicious IP ranges.
  1. Note the total number of blocked IPs.
  2. Check the Fraud Score distribution — consistent high scores (85+) indicate the threshold is well-calibrated.
  3. If many IPs have scores near the threshold, consider adjusting the threshold up (fewer blocks, fewer false positives) or down (more blocks, stricter security).

| Issue | Possible Cause | Resolution | |-------|---------------|------------| | Page is disabled / inaccessible | Air-gapped mode is enabled | Auto-blocking requires internet access for IP reputation scoring | | No blocked IPs appear | Block threshold too high or shield disabled | Verify Mideye Shield is enabled and the block threshold is appropriate | | Unblock button not visible | Insufficient permissions | Requires ADMIN role or higher | | IP keeps getting re-blocked after unblock | Ongoing requests with high fraud score | Create a permanent ALLOW rule in Static Filter Rules | | Country code shows "N/A" | Geographic data unavailable for the IP | Some IPs (private ranges, proxies) don't have geographic data |