Auto Block

The auto block feature helps improve the security of your DiskStation by blocking the IP addresses of clients with too many failed login attempts. This helps reduce the risk of accounts being broken into using brute-force attacks.

You can also create and manage an allow list to add IP addresses that you trust, or a block list to always prevent certain IP addresses from logging in.

Note:

Various services and packages support auto block, such as the following: DSM, SSH, Telnet, rsync, network backup, shared folder sync, FTP, WebDAV, File Station, Photo Station, Audio Station, Video Station, Download Station, Mail Server, Mail Station, Time Backup, VPN Server, Cloud Station, and Synology mobile apps.

To enable auto block:

Open Control Panel and go to Security > Auto Block.
Tick Enable auto block.
Enter a number of failed login attempts in the Login attempts field and a number of minutes in the Within (minutes) field. An IP address shall be blocked when it exceeds the number of failed login attempts within the specified number of minutes.
Tick Enable block expiration and enter a number to remove a blocked IP address after the specified number of days.
Click Apply.

Managing Block List

Click Allow/Block List, and go to the Block List tab.

To add IP addresses:

Choose either of the following from the Create drop-down menu:

Add IP address
Enter an IP address and set the expiration time.
Import IP address list
Import a text file that lists IP addresses to add a number of IP addresses and set the expiration time all at once. Tick the checkbox if you want to overwrite existing IP addresses. If this option is not selected, duplicate IP addresses will be skipped.
If the file you selected has a correct format, you will see all the IP addresses in the preview area. Click OK to import.

Note:

To import a file, the file must meet the following criteria:

The file must be a plain text file.
Each line of the file can contain only one IP address.
Comment lines begin with a # (pound sign).

To remove blocked IP addresses:

Select the IP addresses you want to remove from the list and click Remove.

Managing Allow List

Click Allow/Block List, and go to the Allow List tab.

To add IP addresses:

Choose either of the following from the Create drop-down menu:

Add IP address
Enter an IP address.
Import IP address list
Import a text file that lists IP addresses to add a number of IP addresses all at once. Tick the checkbox if you want to overwrite existing IP addresses. If this option is not selected, duplicate IP addresses will be skipped.
If the file you selected has a correct format, you will see all the IP addresses in the preview area. Click OK to import.

Note:

To import a file, the file must meet the following criteria:

The file must be a plain text file.
Each line of the file can contain only one IP address.
Comment lines begin with a # (pound sign).

To remove IP addresses:

Select the IP addresses you want to remove from the list and click Remove.

Note:

If your DiskStation device is behind a reverse proxy server, please add the IP address of that reverse proxy server to the allow list.