When it comes to protecting your applications from DDoS floods and CC (Challenge Collapsar) attacks, SafeLine WAF allows you to plug in curated IP blacklists directly. One useful community-driven project is the GitHub Ban-Hacker-IP-Plan, which maintains a growing list of IPv4 addresses tied to malicious traffic.
This article shows how to integrate that blacklist into SafeLine WAF to harden your defenses.
What is Ban-Hacker-IP-Plan?
Ban-Hacker-IP-Plan is a GitHub project that collects known attacker IPs, mostly:
- DDoS sources (distributed denial-of-service)
- CC attack sources (common flood patterns)
The list is regularly updated and shared publicly, making it a great feed for SafeLine WAF’s custom rule sets.
Why use it with SafeLine WAF?
SafeLine WAF (by Chaitin Tech) lets you:
- Build IP-based blacklists and whitelists
- Enforce rules across multiple services
- Mitigate volumetric and layer-7 attacks before they hit your apps
By ingesting the GitHub-hosted Ban-Hacker-IP-Plan list, you cut down noise from repeat offenders and improve resource availability for legit users.
Rule definition
Here’s an example of how the SafeLine rule is structured:
- Rule Type: Denylist
- Name: 2025-5-25 (Ban-Hacker-IP-Plan)
- Condition: Source IP equals any of the listed addresses
- SafeLine Version: Compatible with 7.3.0 and newer
Example entry
Source IP =
1.15.47.213, 111.224.213.179, 111.225.152.202, 113.215.189.126,
113.223.212.153, 113.223.213.179, 113.223.214.125, 113.223.214.237, ...
The full list (as of 2025-05-25) contains 100+ IPv4 addresses associated with active attacks.
How to apply in SafeLine (Step-by-step)
- Open your SafeLine dashboard → Web ACL management.
- Create a new rule group → type Denylist.
- Name it: Ban-Hacker-IP-Plan.
- Add condition → “Source IP equals” → paste in the IP list.
- Action → Block.
- Attach rule group → to your site/app’s policy.
- Save & deploy.
Security best practices (Extra layer)
- Auto-update: Sync Ban-Hacker-IP-Plan from GitHub periodically.
- Layering: Use rate limiting + geo-blocking alongside IP bans.
- Monitor false positives: Ensure no critical partner IPs are caught.
- Combine lists: Merge with threat intel feeds (AbuseIPDB, Spamhaus, etc.).
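One way to prepare the list before pasting it into the "Source IP equals" condition (an added example, not code from this post, SafeLine, or Ban-Hacker-IP-Plan): it merges several feeds, drops malformed and non-public entries, and removes allowlisted partner ranges so they are never blocked. The one-address-per-line feed format, the sample feeds, and the allowlist range are assumptions made for illustration.

```python
import ipaddress

# Constructed sample feeds. Assumed format: one IPv4 address per line, '#' comments.
FEED_A = """\
# constructed sample, not the real list
1.15.47.213
111.224.213.179
10.0.0.5
not-an-ip
"""
FEED_B = "111.224.213.179\n113.215.189.126  # repeat scanner\n8.8.8.8\n"

# Hypothetical range that must never be blocked (stands in for a partner network).
ALLOWLIST = ["8.8.8.0/24"]


def build_denylist(feeds, allowlist):
    """Merge feeds; return (sorted unique public IPs, {dropped token: reason})."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    kept, rejected = set(), {}
    for feed in feeds:
        for line in feed.splitlines():
            token = line.split("#", 1)[0].strip()  # strip inline comments
            if not token:
                continue
            try:
                ip = ipaddress.IPv4Address(token)
            except ValueError:
                rejected[token] = "not a valid IPv4 address"
                continue
            if any(ip in net for net in allowed):
                rejected[token] = "covered by allowlist"
            elif not ip.is_global:
                # Blocking RFC 1918 or loopback sources can cut off internal proxies.
                rejected[token] = "private or reserved address"
            else:
                kept.add(ip)
    return [str(ip) for ip in sorted(kept)], rejected


def to_condition_value(ips):
    """Comma-separated string in the same shape as the example entry above."""
    return ", ".join(ips)


if __name__ == "__main__":
    ips, dropped = build_denylist([FEED_A, FEED_B], ALLOWLIST)
    print(to_condition_value(ips))
    for token, reason in dropped.items():
        print(f"skipped {token}: {reason}")
```

Reviewing the skipped entries on each sync is a cheap way to catch a feed that has started listing addresses you depend on.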
TL;DR
SafeLine WAF can easily integrate community IP blacklists like the GitHub-hosted Ban-Hacker-IP-Plan. By blocking these known DDoS and CC attacker IPs at the edge, you reduce load on your servers and improve uptime.
Join the SafeLine Community
If you continue to experience issues, feel free to contact SafeLine support for further assistance.
Top comments (3)
Aurealisa has tried SafeLine WAF and is very impressed with its ease of use. Combining it with this IP list from GitHub really adds a strong layer of defense. In my experience, this method is very effective in reducing traffic from bots and repeat scanners.
Really helpful breakdown. Integrating GitHub’s Ban-Hacker-IP-Plan into SafeLine WAF makes a lot of sense for cutting down repeat DDoS sources. Love the step-by-step approach—super practical for quick implementation. Auto-updating the list is a solid pro tip too. Also, you can get related help from Mod hill Climb Racing.