Documentation
Integration guides for IPWhois Blacklist. Protect your servers and applications with community-driven IP threat intelligence.
8 Integrations
Copy-paste ready
5 min setup
Server & Firewall
Fail2Ban
Automatically report every banned IP to the blacklist. The most popular integration.
CSF Firewall
Sync blacklisted IPs to ConfigServer Security & Firewall deny list.
iptables / nftables
Block IPs at the kernel firewall level using ipset and nftables sets.
Automated Reporting
Parse server logs and report malicious IPs on a schedule via cron.
Application & Language
WordPress
Block blacklisted IPs on wp-login and wp-admin with an mu-plugin.
Node.js
Express middleware with in-memory cache for IP threat checking.
Python
Flask decorator and Django middleware for blocking malicious IPs.
PHP / Laravel
Standalone function with file cache and Laravel middleware class.
Quick Start
All integrations use the IPWhois Blacklist API. The two key endpoints are:
Check if an IP is blacklisted
GET https://bl.ipwhois.net/api/check?ip=1.2.3.4
Report a malicious IP
POST https://bl.ipwhois.net/api/report
ip=1.2.3.4&type=brute-force&message=Description+here
Threat types: brute-force, spam, ddos, scan, phishing, malware, bot, other
Rate limit: The public API allows 500 free requests per day per source IP. For higher limits, use an API key from ipwhois.net.
IPWhois Blacklist — Community-driven IP threat intelligence — ipwhois.net