Traffic Exclusions

Your own visits, internal team activity, known bot IPs, or traffic from countries you do not serve can skew your analytics. HitKeep's traffic exclusion system lets you block specific IPs, CIDR ranges, or ISO 3166-1 alpha-2 country codes from being recorded, either per-site or globally across the entire instance.

Trusted proxies required for accuracy

IP/CIDR exclusions match against the real client IP as resolved by HitKeep. Country exclusions use trusted CDN/proxy country headers only when the request came through configured trusted proxies, then fall back to HitKeep's IP metadata lookup. If you run behind a reverse proxy (Caddy, Traefik, nginx, a cloud load balancer), configure the -trusted-proxies flag so both rule types evaluate the real visitor context.

See Trusted Proxies for setup instructions.

Per-Site Exclusions

Block specific traffic from a single site. This is the right choice for filtering out your own IP, a partner's testing range, or one country's traffic without affecting other sites.

Site owners and site admins can manage these rules for their assigned sites. Instance admins also have a narrow exclusion-only override, so they can respond to bad traffic without receiving broader site data mutation rights such as retention changes or AI-fetch ingestion.

API reference:

• List site exclusion rules
• Create a site exclusion rule
• Delete a site exclusion rule

Dashboard Workflow

1. Open your site in the dashboard.
2. Go to Settings → Exclusions.
3. Choose IP/CIDR or Country.
4. Enter the CIDR value or select the country and click Add.

Exclusions affect new incoming traffic only. Matching hits are accepted and dropped at the ingestion layer before publish or persistence, so they do not create analytics rows. Existing historical rows remain until normal retention, reset, deletion, or takeout workflows handle them.

Excluded hits never store derived country, region, city, provider, or ASN metadata, and they do not store the raw visitor IP.

Instance-Wide Exclusions (Admin)

Instance administrators can add global exclusion rules that apply across all sites. Use this for known datacenter IP ranges, monitoring bots, your entire office subnet, or countries that should be excluded instance-wide.

Global filters can mix IP/CIDR rules and country rules in the same instance-wide traffic exclusion table.

API reference:

• List global exclusion rules
• Create a global exclusion rule
• Delete a global exclusion rule

Finding Your Current IP

API reference:

• Get the current resolved client IP

This endpoint returns the IP address HitKeep sees for your current connection, accounting for trusted proxy headers if configured. It uses the same resolved IP path used for exclusions and derived IP metadata.

Related

• Trusted Proxies
• Bot and Spam Filtering
• Permissions & Roles
• Configuration Reference
• REST API Reference