You know how brick and mortar stores deter wrongdoers by posting signs about security systems and the right to refuse service to anyone? 🚧  Well, your business has the right (and ability) to protect itself and its customers from troublemakers, too.   

Volusion provides a secure, stable hosting platform and ecommerce environment so your customers can shop with confidence. Additionally, you can fine-tune your security settings from your Admin Area with the IP Firewall page.🔥

Just like the name implies the IP Firewall page allows you to put out fires 🚒   before they start by controlling incoming traffic 🚗🚗🚗  to your storefront and your Admin Area. You can also configure the system to allow a maximum number of transactions for visitors to the site. 

Below are some tips for using this tool as well as some scenarios where you may want to use the IP Firewall settings.

Contents

Creating an IP Security Rule

To access the IP Firewall page, go to Settings > IP Firewall. From here, you can view and manage your existing IP security rules. To create a new IP security rule, click the Add button at the top of the page.

The IP security rules settings are as follows:

ID
This field contains an ID number to identify each security rule. This is auto-generated for each new rule.

IP Range Begin*
Enter the IP address or the start of the range of addresses you want to block or allow access to your store.

IP Range End
If defining a range of IP addresses to add or block from the system, enter the last IP address within the range you want to allow or block. Otherwise, leave this field blank.

Allow or Block*
Choose to allow or block access to the IP address or address range you define for the rule.

Applies to Admin Area Only
Enabling this checkbox will configure the IP rule to only block or allow access to the Admin Area – access to the storefront will not be affected by the IP rule.If you do not enable this option, the IP rule will apply to both the Admin Area and the storefront. Note that if you're attempting to block an IP range from the Admin Area only, you should also enable the Block IP Addresses to Admin option. See the "Additional IP Security Rules Settings" section for more information. 

*These fields are required for each IP security rule.

NOTE⚠️
Your IP security rules will only become active once you select the Enable IP Address Security Rules On Frontend option. To enable this option from the IP Firewall page, click the three-dot actions menu icon, and select IP Firewall Settings.

Additional IP Security Rules Settings

In addition to the IP security rules, there are also some advanced settings you can configure:

  1. Go to Settings > IP Firewall.
  2. Click the three-dot actions menu icon and select IP Firewall Settings.
  3. After configuring these settings as needed, click the Save button within the dialog box.

The advanced IP security settings are as follows:

Block IP Addresses to Admin: Enabling this option will block all incoming traffic to your Admin Area, except from the specific IP addresses you allow by creating IP Security Rules (be sure to include your own!). Visitors attempting to log in to this portion of the site will see an Access Denied message. 🚫 

Enable IP Address Security Rules On Frontend: By default, even though IP rules are set up to block access to the storefront, settings are not active unless this option is enabled. On the flip side, disabling this option removes all IP security rules for the storefront.  

Max Orders Per Day Per IP: Here, you can set the maximum number of orders that can be made from an individual IP address within 24 hours. This setting is designed to prevent credit account hunting. 💳  

In this case, a person or program attempting credit fraud will attempt to process repeated bogus orders from a shopping cart to test the validity of a series of credit card numbers they have obtained. Once a successful credit card order has been made, the offender will then know they have obtained a working credit card account. 

This setting will automatically block the IP address from accessing the storefront for 24 hours when the limit to the number of failed transactions has been reached. By default, the value is set to 20, but you can change it to make it more strict or more lenient.

Special Settings and Tips

There are many reasons for implementing IP security rules. The following are a few examples of why and how to use this powerful tool within Volusion.

Restricting Access to Your Admin Area

If the login info to your store’s Admin Area becomes compromised, 👿  there are a few steps you can take to protect your site (besides changing passwords and purging certain administrator accounts):

1. Go to Settings > IP Firewall.

2. Click Add.

3. Near the top of the screen, you'll see the current IP address your local computer system is connecting to Volusion through.

If your workstation has a static IP address that does not change, you only need to know this single IP address. If your workstation has a dynamic IP – a range of addresses that are assigned to the workstation that change over time – you'll need to know the range of the IP.

You'll also need to know the IP address or range of any other workstation you will be connecting to the Admin Area with (for example, a computer or laptop at home).

If you are using the Sell on eBay feature of Volusion, you must include 69.36.81.6 as an allowed IP address.

4. Set the IP or IP range within the IP Range Begin / End fields as needed.

5. Set the Allow Or Block menu to Allow.

6. Click Save.

7. Click the three-dot actions menu icon and select IP Firewall Settings.

8. Select the Block IP Addresses To Admin option and click Save.

The firewall will now block any attempt to access the Admin Area except for the IP address or ranges defined in the preceding steps.

Letting in Tech Support

If things go haywire, technologically, you might need to let our tech support team into your store’s Admin Area. If you have an IP block, you’ll want to keep this in mind when you contact us for help.

Restricting Access to Your Storefront

If you ever need to block a specific customer or IP address from accessing your website, ✋ your store keeps a record of all customer IP addresses in several places:

  • Each order (declined or accepted) records the IP address of the client who generated the order.
  • The abandoned cart feature can track the IP addresses of visitors.

Once obtained, you can block an unwanted visitor to your store by doing the following:

  1. Go to Settings > IP Firewall.
  2. Click Add.
  3. Set the IP or IP range as needed.
  4. Set the Allow Or Block menu to Block.
  5. Click Save.
  6. Click the three-dot actions menu icon and select IP Firewall Settings.
  7. Select Enable IP Address Security Rules on Frontend and click Save.

⚠️  The IP Firewall functionality blocks access to .asp pages on your Volusion store, including default.asp (home page), searchresults.asp, shoppingcart.asp, and any product, category and article pages (including SEO-friendly versions of those URLs). 

The IP Firewall feature does not block access to images, CSS, javascript and any custom ASP or HTML files you've added to your store, if they’re accessed through a direct link.

Granting Storefront Access to Blocked Customers

  1. At times, you may need to grant access to blocked customers – for example, if you’ve created an IP block for a range of IP addresses and later realize that a legitimate customer has placed several orders with your store from an IP address that falls within this range. In this case, you’ll want to maintain the existing IP block but make an allowance for this one customer. Here’s how:Go to Settings > IP Firewall and click Add.
  2. Set the IP address within the IP Range Begin field to the valid customer’s address and leave the IP Range End blank.
  3. Set the Allow or Block menu list to Allow.
  4. Click Save.
  5. Click the three-dot actions menu icon and select IP Firewall Settings.
  6. Make sure the Enable IP Address Security Rules on the Frontend option is selected.
  7. Click Save.

Finished! The legit customer will now be able to access your storefront. 

Summary

While the web has made shopping ultra convenient, there are a few downsides. Namely, there are bad guys who are out there just waiting to take advantage of your store or customers. 

Luckily, Volusion provides a secure shopping environment and allows you to set up firewalls and blocks to keep out undesirables so you and your customers can go about your business with confidence. 👍

Did this answer your question?