--- title: Configuring an IP reputation rule (web policy) description: Use this rule to determine which authentication action to prompt the user with, based on the risk score of the IP address of the user's accessing device. component: pingid page_id: pingid:pingid_service_management:pid_configuring_ip_reputation_rule_web canonical_url: http://docs.pingidentity.com/pingid/pingid_service_management/pid_configuring_ip_reputation_rule_web.html revdate: June 6, 2024 section_ids: about-this-task: About this task steps: Steps result: Result: choose-from: Choose from: next-steps: Next steps --- # Configuring an IP reputation rule (web policy) Use this rule to determine which authentication action to prompt the user with, based on the risk score of the IP address of the user's accessing device. ## About this task PingID collects and analyzes IP address data from the user's accessing device and enables you to apply different authentication actions to IP addresses according to their risk scores. IP addresses are grouped into the following levels of risk: * High: The IP address is considered high risk and might have recently been involved in numerous malicious activities, such as DDos attacks or spam activity. * Medium: The IP address is considered medium risk and might have been involved in malicious activities, such as DDos attacks or spam activity. * Low: The IP address is considered low risk. You can define a different authentication for each risk group. Define more restrictive authentication for IP addresses in a higher risk group You can also define a whitelist of IP addresses that you want this rule to ignore. **Video (YouTube)** \ | | | | - | ------------------------------------------------------------------------------------------------------------ | | | The IP reputation rule is not applied if there is insufficient data to determine the IP address' risk score. | ## Steps 1. From within the relevant policy, click**[icon: plus, set=fa] Add Rule** and from the list, select **IP Reputation**. ### Result: The **IP Reputation** rule wizard opens. 2. Select the check box of each **Risk Score** group to which you want to apply a rule action, and from the **Action** list, select the action that you want to apply to that risk score group. ![A screen capture of the IP Reputation rule wizard displaying the Risk Score groups of High, Medium, and Low and their Action lists.](_images/yzl1565076174847.png) ### Choose from: * **Deny**: Deny access for authentication requests originating from IP addresses in the selected risk score category. This option is selected for the High risk category, by default. * **Approve**: Approve access without requiring PingID authentication for authentication requests originating from IP addresses in the selected risk score category. * **Authenticate**: Allow the user to authenticate using any of the authentication methods allowed at the policy level. * **Allowed Methods**: Click **Allowed Methods** to reveal a list of authentication methods allowed by this policy, and then select the check box of each authentication method that you want to allow for this rule. See [Rule authentication actions](pid_rule_auth_actions.html) for description per authentication type. 3. In the **Whitelist** field, specify one or more IP address ranges that you want the rule to ignore. | | | | - | ----------------------------------------------------------------------------------------------------------- | | | Enter each IP address range in the format `XX.XX.XX.XX/XX` and separate each IP address range with a comma. | 4. Click **Save**. 5. In the **Policy** list, click and drag the new policy and place it in the order in which you want it to be considered. Click **Save Order**. ## Next steps To ensure the policy is applied to your organization, go to **PingID → Configuration** and ensure **Enforce Policy** is set to **Enabled**.