Skip to main content

Block-list, allow-list, and safe-list

Up to the old version 3.x, Syncplify.me Server! featured a black-list and a white-list. The black-list is where all “bad guys” would end up if they tried attacking the server (DoS, DDoS, password harvesting, …) while the white-list was used for a much more restrictive purpose. In fact – when enabled – the white-list would allow clients to connect only if their IP address was in the white-list. Enabling the white-list, practically, means permanently black-listing anyone who is not on in the white-list.

Although the black/white concept was good enough for most installations, we figured that we could make it even more flexible. That’s why, starting from version 4.0 and all subsequent versions, Syncplify Server! introduced a third list, called  safe-list. Here’s how the 3 lists work:

Block-list: formerly known as blacklist, any IP address (e.g.: 192.168.1.35) or network (e.g.: 10.23.5.0/255.255.255.0) listed in the black-list will be rejected

Allow-list: formerly known as whitelist, if this list is not empty, then only the IP addresses and networks in this list will be allowed to connect, and anyone else’s connection attempt will be rejected

It is important to understand that allow-listing an IP address does not prevent it from being block-listed, see the safe-list here below for that

Safe-list: IP addresses and networks listed in the safe-list will never be blacklisted, even if they perform actions that may be interpreted as attacks, for example, if they connect and disconnect without attempting authentication (typical behavior of a load balancer)

Clever use of the 3 above lists guarantees enough flexibility to satisfy a much wider variety of situations than any previous version of Syncplify Server!