Additional Settings

Accessible for the Community (paid), Developer and Business plan users.

User role whitelist

You can whitelist users from the Patchstack firewall. This means that the Patchstack firewall would not run against these user types.

  1. Toggle the roles, that you wish to whitelist from the firewall.
  2. Click Save settings once the changes have been done.

Country Blocking

In case you want to block traffic to your web application from certain countries, you can do so by scrolling down to the Country Blocking section.
You can start typing the names of countries into the "Blocked Countries" input.
After typing the name, press Enter or click on the name of a given country.

If you want the country blocking to start working right away, click on Enable Country Blocking.
You may then click Save Settings.

PS! We have also added the Inversed Check option which works the other way around.
When this is checked, the countries which are typed into the "Blocked Countries" input, will be the only countries from which the traffic to your application is allowed.

If you want to allow traffic ONLY from Germany:

  1. Type "Germany" into "Blocked Countries"
  2. Check "Inversed Check"
  3. Check "Enable Country Blocking"
  4. Click on "Save Settings"

General whitelist settings

Accessible for the Community, Developer and Business plan users.

Under the General whitelist settings section, you can manage whitelist settings and add IP address header override rule.



Each rule must be on a new line.

The following keywords are accepted

IP = firewall will not run against the IP
PAYLOAD = if the entire payload contains the keyword, the firewall will not proceed
URL = if the URL contains given URL, firewall will not proceed


In this scenario, the firewall will not run if the IP address is or if the payload contains contact_form or if the URL contains water or if the URL contains /some-form.


IP Address Header Override

If you would like to override the IP address header that we use to grab the IP address of the visitor, enter the value to IP Address Header Override input.

This must be a valid value in the $_SERVER array, for example HTTP_X_FORWARDED_FOR. If the $_SERVER value you enter does not exist, it will fallback to the Patchstack IP grab function so ask your hosting company if you are unsure.

Leave this empty to use the Patchstack IP address grabbing function.

Block IP Settings

Block IPs that are a potential threat to your sites.


Example case:

Patchstack has blocked 5 attacks on your application from one specific IP address in a period of 60 minutes.
You would now want this IP to be blocked.

Type in the following data:

Block IP for 4320 Minutes
After 5 Blocked Attacks
Over A Period of 60 Minutes

Click Save Settings

Now - any IP address which meets all those conditions will be blocked for three days.


IP Block List

Lets you completely block IP addresses by entering each IP address to a new line.

Following formats are accepted:

.htaccess Features

Accessible for the Developer and Business plan users only.

From .htaccess Features you can directly modify your .htaccess file by changing your settings.

What you can do:

  • Add security headers
  • Prevent default WordPress file access
  • Block access to debug.log file
  • Disable index views
  • Forbid proxy comment posting
  • Prevent image hotlinking
  • In case you wish to write custom htaccess rules to the file, you can insert your rules to Custom .htaccess rules textfield.
    Additionally, you can select if your written rules appear at the bottom of Patchstack rules or at the top of Patchstack rules in the .htaccess file.

    Please note that If the custom htaccess rules provided there break your web application, Patchstack will automatically remove them and revert the .htaccess to the previous working state.

    Having done all your changes, click on Save Settings at the bottom of this section.