IP Exclusions

Your own visits, internal team activity, and known bot IPs are skewing your analytics. HitKeep’s IP exclusion system lets you block specific IPs or CIDR ranges from being recorded, either per-site or globally across the entire instance.

Trusted proxies required for accuracy

IP exclusions match against the real client IP as resolved by HitKeep. If you run behind a reverse proxy (Caddy, Traefik, nginx, a cloud load balancer), you must configure the -trusted-proxies flag. Otherwise HitKeep sees the proxy’s IP for every request and exclusion rules will not work as expected.

See Trusted Proxies for setup instructions.

Per-Site Exclusions

Block specific traffic from a single site. This is the right choice for filtering out your own IP without affecting other sites.

Site owners and site admins can manage these rules for their assigned sites. Instance admins also have a narrow exclusion-only override, so they can respond to bad traffic without receiving broader site data mutation rights such as retention changes or AI-fetch ingestion.

API reference:

• List site exclusion rules
• Create a site exclusion rule
• Delete a site exclusion rule

Dashboard Workflow

1. Open your site in the dashboard.
2. Go to Settings → Exclusions.
3. Enter an IP address or CIDR range and click Add.

Hits from excluded IPs are dropped at the ingestion layer before being stored.

Instance-Wide Exclusions (Admin)

Instance administrators can add global exclusion rules that apply across all sites. Use this for known datacenter IP ranges, monitoring bots, or your entire office subnet.

API reference:

• List global exclusion rules
• Create a global exclusion rule
• Delete a global exclusion rule

Finding Your Current IP

API reference:

• Get the current resolved client IP

This endpoint returns the IP address HitKeep sees for your current connection, accounting for trusted proxy headers if configured.

Related

• Trusted Proxies
• Bot and Spam Filtering
• Permissions & Roles
• Configuration Reference
• REST API Reference