BlockList, SafeList, AllowList

Syncplify Server! includes 3 different “lists” that have 3 very distinct purposes. It’s very important that an administrator is familiar with these 3 lists, what they represent, how they work, and how to effectively use them. Here’s a brief yet precise explanation.

First of all, it’s important to understand that all three lists accept:

  • single IP addresses example:192.168.172.23
  • network CIDRs example:192.168.172.0/24

But they serve very different purposes:

BlockList

The BlockList (formerly known as BlackList) is the core of Syncplify’s Protector™ subsystem.

Any connection attempt from a client which IP address is included in the BlockList, or that is part of a network CIDR included in the BlackList, will be rejected.

Syncplify Protector™ automatically (and extremely effectively) identifies all sorts of attacks and hacking attempts, and automatically adds the attackers’ IP addresses to the BlockList.

You can, if you so wish, manually add IP addresses and/or networks to your BlockList, but this is typically not needed, because Protector™ is extremely effective at its job.

SafeList

The SafeList can be thought of as a list of exceptions to the BlackList. Basically, any IP or network present in the SafeList will never be added to the BlockList by Protector™.

If there are IP addresses or network that you want to trust, and you are confident that no attacks can ever come from such sources, you can add them to the SafeList. Protector™ will still check and prevent attacks from those sources, it will reject offending connections, but will not add the client IP address to the BlockList.

AllowList

Warning

This is, typically, the most misunderstood of the three lists, so please read carefully.

If the AllowList is left empty, clients (like FileZilla, WinSCP, etc…) can connect to your server from anywhere. An empty AllowList is basically equivalent to disabling the AllowList. Most administrators run their Syncplify Server! with an empty AllowList.

But if you add even a single item, even just one IP address or network, to the AllowList, then the AllowList becomes active and it becomes restrictive. This means that your Syncplify Server! will only accept incoming connections from IP addresses and networks included in the AllowList. Any attempt to connect to your server from sources that are not in the AllowList will be rejected.

Please, use the AllowList very carefully.