IP Exclusions

Your own visits, internal team activity, and known bot IPs are skewing your analytics. HitKeep’s IP exclusion system lets you block specific IPs or CIDR ranges from being recorded, either per-site or globally across the entire instance.

Trusted proxies required for accuracy

IP exclusions match against the real client IP as resolved by HitKeep. If you run behind a reverse proxy (Caddy, Traefik, nginx, a cloud load balancer), you must configure the -trusted-proxies flag — otherwise HitKeep sees the proxy’s IP for every request and exclusion rules will not work as expected.

See Trusted Proxies for setup instructions.

Per-Site Exclusions

Block specific traffic from a single site. This is the right choice for filtering out your own IP without affecting other sites.

# Add an IP exclusion for a site
curl -X POST https://your-hitkeep.example/api/sites/{site_id}/exclusions \
  -H "Content-Type: application/json" \
  -b "hk_token=YOUR_SESSION_COOKIE" \
  -d '{"ip":"203.0.113.42"}'

# Add a CIDR range
curl -X POST https://your-hitkeep.example/api/sites/{site_id}/exclusions \
  -H "Content-Type: application/json" \
  -b "hk_token=YOUR_SESSION_COOKIE" \
  -d '{"ip":"10.0.0.0/8"}'

Dashboard Workflow

1. Open your site in the dashboard.
2. Go to Settings → Exclusions.
3. Enter an IP address or CIDR range and click Add.

Hits from excluded IPs are dropped at the ingestion layer before being stored.

List and Remove Rules

# List active exclusion rules for a site
curl https://your-hitkeep.example/api/sites/{site_id}/exclusions \
  -b "hk_token=YOUR_SESSION_COOKIE"

# Remove an exclusion rule
curl -X DELETE https://your-hitkeep.example/api/sites/{site_id}/exclusions/{rule_id} \
  -b "hk_token=YOUR_SESSION_COOKIE"

Instance-Wide Exclusions (Admin)

Instance administrators can add global exclusion rules that apply across all sites. Use this for known datacenter IP ranges, monitoring bots, or your entire office subnet.

# List global exclusion rules (admin only)
curl https://your-hitkeep.example/api/admin/exclusions \
  -b "hk_token=ADMIN_SESSION_COOKIE"

# Add a global exclusion rule
curl -X POST https://your-hitkeep.example/api/admin/exclusions \
  -H "Content-Type: application/json" \
  -b "hk_token=ADMIN_SESSION_COOKIE" \
  -d '{"ip":"198.51.100.0/24"}'

# Remove a global exclusion rule
curl -X DELETE https://your-hitkeep.example/api/admin/exclusions/{rule_id} \
  -b "hk_token=ADMIN_SESSION_COOKIE"

Finding Your Current IP

curl https://your-hitkeep.example/api/user/current-ip \
  -b "hk_token=YOUR_SESSION_COOKIE"

This endpoint returns the IP address HitKeep sees for your current connection, accounting for trusted proxy headers if configured.

Related

• Trusted Proxies
• Permissions & Roles
• Configuration Reference
• REST API Reference

Need automatic bot filtering based on user-agent lists or threat intelligence feeds? Join the HitKeep Cloud waitlist →