Downloads - Blocklist Formats
Download Zenfirewall blocklists in multiple formats: Plain Text, Nginx, and Apache
Available Blocklist Formats
Zenfirewall provides blocklists in multiple formats to suit different web servers and firewalls. All lists are automatically updated as new attacks are detected.
Time Windows
- 24 hours: Most recent attacks
- 7 days: Standard blocking window (recommended for most users)
Formats
- Plain Text: One IP per line - compatible with CSF and most firewalls
- Nginx:
denystatements ready to include in your nginx configuration - Apache:
Require not ipdirectives for Apache 2.4+ servers
Consolidated Blocklists (All Attack Types)
These lists combine all attack types: XMLRPC, file scanning, SQL injection, and SYN flood attacks.
| Time Window | Format | Download | IP Count | Description |
|---|---|---|---|---|
| 7 days | Plain Text | zenblock.txt | Updated hourly | Legacy format - CSF compatible |
| 24 hours | Plain Text | zenblock-24h.txt | Updated hourly | Most recent attacks only |
| 24 hours | Nginx | zenblock-nginx-24h.conf | Updated hourly | Include in nginx config |
| 7 days | Nginx | zenblock-nginx-7days.conf | Updated hourly | Include in nginx config |
| 24 hours | Apache | zenblock-apache-24h.conf | Updated hourly | Apache 2.4+ configuration |
| 7 days | Apache | zenblock-apache-7days.conf | Updated hourly | Apache 2.4+ configuration |
Attack-Specific Blocklists
XMLRPC Attacks
WordPress XMLRPC vulnerability exploitation attempts.
| Time Window | Format | Download |
|---|---|---|
| 24 hours | Plain Text | zenblock-xmlrpc-24h.txt |
| 7 days | Plain Text | zenblock-xmlrpc-7days.txt |
| 24 hours | Nginx | zenblock-xmlrpc-nginx-24h.conf |
| 7 days | Nginx | zenblock-xmlrpc-nginx-7days.conf |
| 24 hours | Apache | zenblock-xmlrpc-apache-24h.conf |
| 7 days | Apache | zenblock-xmlrpc-apache-7days.conf |
File Scanning Attacks
Attempts to access sensitive system files (wp-config.php, .env, etc.).
| Time Window | Format | Download |
|---|---|---|
| 24 hours | Plain Text | zenblock-scan-24h.txt |
| 7 days | Plain Text | zenblock-scan-7days.txt |
| 24 hours | Nginx | zenblock-scan-nginx-24h.conf |
| 7 days | Nginx | zenblock-scan-nginx-7days.conf |
| 24 hours | Apache | zenblock-scan-apache-24h.conf |
| 7 days | Apache | zenblock-scan-apache-7days.conf |
SQL Injection Attacks
SQL injection attempts detected in web server logs.
| Time Window | Format | Download |
|---|---|---|
| 24 hours | Plain Text | zenblock-sql-24h.txt |
| 7 days | Plain Text | zenblock-sql-7days.txt |
| 24 hours | Nginx | zenblock-sql-nginx-24h.conf |
| 7 days | Nginx | zenblock-sql-nginx-7days.conf |
| 24 hours | Apache | zenblock-sql-apache-24h.conf |
| 7 days | Apache | zenblock-sql-apache-7days.conf |
SYN Flood Attacks
SYN flood attack sources detected via netstat monitoring.
| Time Window | Format | Download |
|---|---|---|
| 24 hours | Plain Text | zenblock-synflood-24h.txt |
| 7 days | Plain Text | zenblock-synflood-7days.txt |
| 24 hours | Nginx | zenblock-synflood-nginx-24h.conf |
| 7 days | Nginx | zenblock-synflood-nginx-7days.conf |
| 24 hours | Apache | zenblock-synflood-apache-24h.conf |
| 7 days | Apache | zenblock-synflood-apache-7days.conf |
Usage Instructions
CSF Firewall (Plain Text Format)
Add this line to /etc/csf/csf.blocklists:
# Zenfirewall - All attacks (7 days)
ZENFIREWALL|7200|0|https://zenfirewall.com/zenblock.txt
# Or use 24-hour list for more aggressive blocking:
# ZENFIREWALL_24H|3600|0|https://zenfirewall.com/zenblock-24h.txt
Then restart CSF:
csf -ra
Nginx Configuration
Download the nginx format file and include it in your configuration:
http {
# Include blocklist at http level (affects all sites)
include /etc/nginx/blocklists/zenblock-nginx-7days.conf;
server {
listen 80;
server_name example.com;
# ... rest of your config
}
}
Or include at server level for specific sites:
server {
listen 80;
server_name example.com;
# Include blocklist for this site only
include /etc/nginx/blocklists/zenblock-nginx-7days.conf;
# ... rest of your config
}
Auto-update script (recommended):
#!/bin/bash
# /etc/nginx/update-blocklist.sh
wget -q https://zenfirewall.com/zenblock-nginx-7days.conf -O /etc/nginx/blocklists/zenblock-nginx-7days.conf
nginx -t && systemctl reload nginx
Add to crontab:
0 */6 * * * /etc/nginx/update-blocklist.sh
Apache 2.4+ Configuration
Download the apache format file and include it in your configuration:
<VirtualHost *:80>
ServerName example.com
<Directory /var/www/html>
# Include Zenfirewall blocklist
Include /etc/apache2/blocklists/zenblock-apache-7days.conf
# ... rest of your config
</Directory>
</VirtualHost>
Auto-update script (recommended):
#!/bin/bash
# /etc/apache2/update-blocklist.sh
wget -q https://zenfirewall.com/zenblock-apache-7days.conf -O /etc/apache2/blocklists/zenblock-apache-7days.conf
apachectl configtest && systemctl reload apache2
Add to crontab:
0 */6 * * * /etc/apache2/update-blocklist.sh
Choosing the Right Format
Which time window should I use?
- 7 days (recommended): Standard blocking window, balances security and false positive risk
- 24 hours: More aggressive, only blocks very recent attackers (good for high-security sites)
Which attack types should I block?
- All (Consolidated): Recommended for most users - blocks all detected attack types
- Specific types: Use if you only want to block certain attack patterns
CSF vs Nginx vs Apache?
- CSF: Best for system-level blocking at the firewall level (blocks before reaching web server)
- Nginx/Apache: Good for web application-level blocking, easier to set up if you don’t have CSF
Update Frequency
All blocklists are regenerated every hour with the latest attack data from our distributed network of protected servers.
IP Removal Requests
If your IP was incorrectly blocked, you can request removal at unblock form .
Statistics
For real-time statistics on blocked IPs and attack patterns, visit our live stats .