IP Block

How to block specific IP addresses and IP ranges from reaching your owntag Server Side GTM Container

owntag’s IP Block feature lets you prevent incoming requests from specific IP addresses or IP ranges from reaching your Server Side GTM Container. Blocked requests receive a 403 Forbidden response and are never forwarded to your SGTM — keeping your analytics data clean and your container free from unwanted traffic.

Common Use Cases

  • Exclude internal traffic: Block your team’s office IP addresses so internal visits don’t pollute your analytics data. No more inflated page views or skewed conversion rates from your own employees.
  • Block fake conversions: If you notice suspicious IP addresses sending fabricated conversion events, you can block them immediately.
  • Filter known bad actors: Block IP ranges associated with data centers or proxy services that generate non-human traffic.

Supported Formats

IP Block supports both individual IP addresses and IP ranges in CIDR notation:

FormatExampleWhat it blocks
Single IPv4 address192.168.1.1Exactly that IP address
IPv4 CIDR range10.0.0.0/24All 256 addresses from 10.0.0.0 to 10.0.0.255
Single IPv6 address2001:db8::1Exactly that IPv6 address
IPv6 CIDR range2001:db8::/32The entire IPv6 prefix

You can add up to 50 entries per container. Each entry is one IP address or one CIDR range, entered on its own line.

What is CIDR notation? CIDR (Classless Inter-Domain Routing) lets you block a range of IP addresses with a single entry. The number after the / specifies how many leading bits of the address are fixed. A smaller number means a larger range: /24 covers 256 IPv4 addresses, /16 covers 65,536, and /8 covers over 16 million. For most use cases, blocking a single IP or a /24 range is sufficient.

How It Works

When IP Block is enabled, every incoming request is checked before any processing takes place:

  1. owntag extracts the visitor’s real IP address from the request.
  2. The IP is compared against your block list (exact matches and CIDR range checks).
  3. If the IP matches, the request is immediately blocked with a 403 Forbidden response.
  4. If the IP doesn’t match, the request proceeds normally through the enrichment pipeline and is forwarded to your SGTM container.

Blocked requests are not counted toward your monthly request quota and are not forwarded to your Server Side GTM Container.

Setting Up IP Block

Step 1: Enable the feature

In the owntag Console, navigate to your container and select IP Block in the sidebar. Toggle the feature on.

Step 2: Add IP addresses or ranges

Enter the IP addresses or CIDR ranges you want to block, one per line. For example:

203.0.113.50
198.51.100.0/24
2001:db8::/32

Click Save to apply the changes. owntag validates each entry and will show you specific error messages if any entries are not in a valid format.

Step 3: Verify

The “Currently blocked” section shows the IP addresses and ranges that are actively being enforced. After saving, verify that the list matches your intent. Changes take effect within seconds.

If you’re not sure what your own IP address is, visit a service like whatismyipaddress.com to find out. If your office uses a shared internet connection, everyone in the office typically shares the same public IP address.

Important Notes

  • IP Block only affects tracking requests. It does not affect your access to the owntag Console or your SGTM configuration in Google Tag Manager. Even if you accidentally block your own IP, you can always log in to the console and remove it.
  • IPv6 normalization: Compressed and expanded IPv6 addresses are treated as equivalent. For example, 2001:db8::1 and 2001:0db8:0000:0000:0000:0000:0000:0001 are recognized as the same address.