Troubleshooting beginner

How to Check if Your Shopify Store is Blocking an IP

Learn how to verify whether a specific IP address is being blocked by your store, review blocking logs, and resolve false positives.

10 minutes
5 steps
beginner level

Before You Start

  • SecurEcommerce installed
  • Access to your Shopify admin

Why You Might Need to Check

There are several situations where you need to determine if a specific IP address is being blocked from accessing your Shopify store. A customer might reach out saying they cannot view your site. A business partner could report that your store shows an error when they try to visit. Or you might be troubleshooting your own blocking rules after a recent configuration change.

Whatever the reason, knowing how to quickly verify whether an IP is on your blocklist — and understanding why it was blocked — is an essential skill for any store owner using access controls. This guide walks you through the entire process, from checking your blocklist to resolving false positives.

Step 1: Check Your Active Blocklist

The first place to look is your current list of blocked IP addresses and ranges within SecurEcommerce.

Access the Blocklist

  1. Log into your Shopify admin panel
  2. Open the SecurEcommerce app
  3. Navigate to Blocking > IP Blocking in the sidebar
  4. You will see a list of all individually blocked IP addresses and CIDR ranges

Search for the IP

If you have a long blocklist, scrolling through it manually is impractical. Use the search field at the top of the IP Blocking page:

  1. Enter the full IP address you want to check (e.g., 203.0.113.45)
  2. The list will filter to show any matching entries
  3. If the IP appears, you have found the block — the note column will tell you why it was added

Check CIDR Ranges

An IP address might not appear as an individual entry but could still be blocked if it falls within a CIDR range. For example, if you have blocked 203.0.113.0/24, then every IP from 203.0.113.0 through 203.0.113.255 is blocked.

SecurEcommerce automatically checks whether the searched IP falls within any blocked range and will highlight the matching rule.

Step 2: Review Country and VPN Blocking Rules

If the IP does not appear in your manual blocklist, it could be blocked by a broader rule. Check these settings next.

Country Blocking

  1. Go to Blocking > Country Blocking
  2. Note whether you are using blocklist mode (specific countries blocked) or allowlist mode (only specific countries allowed)
  3. Determine which country the IP address originates from — SecurEcommerce shows the geographic origin for any IP you look up in the blocking logs
  4. Check if that country is on your blocked list or outside your allowed list

VPN and Proxy Detection

  1. Go to Blocking > VPN/Proxy Blocking
  2. If VPN blocking is enabled, any visitor using a VPN, proxy, or TOR exit node may be blocked regardless of their actual location
  3. The IP in question might belong to a VPN provider’s server

Data Center and ISP Blocking

  1. Check Blocking > Advanced Settings for any ISP-level blocks
  2. Data center IPs (used by bots, scrapers, and some corporate networks) may be blocked under hosting provider rules

Step 3: Check SecurEcommerce Blocking Logs

The blocking logs provide the most detailed view of what happened when a specific IP tried to access your store.

Access the Logs

  1. Open SecurEcommerce and navigate to Analytics > Blocking Logs
  2. Use the search or filter options to look up the IP address
  3. Set the date range to cover the period when the visitor reported being blocked

Understand Log Entries

Each log entry includes:

  • Timestamp — When the access attempt occurred
  • IP Address — The visitor’s IP
  • Country — Geographic origin of the IP
  • Block Reason — Why the visitor was blocked (e.g., “Country block,” “VPN detected,” “Manual IP block,” “Bot detected”)
  • Rule — The specific blocking rule that triggered
  • Page Requested — Which page they tried to access

Look for Patterns

If you see multiple log entries for the same IP, look at the block reasons. They tell you exactly which rule to adjust. Common patterns include:

  • Multiple “VPN detected” entries — The visitor is using a VPN or their ISP shares infrastructure with VPN providers
  • “Country block” entries — The visitor is in or appears to be in a blocked region
  • “Bot detected” entries — Automated detection flagged the visitor’s traffic pattern

Step 4: Test Access from a Different Perspective

Sometimes you need to verify the block from the visitor’s perspective to confirm the issue.

Ask the Visitor to Share Details

Request the following from the person reporting the issue:

  • Their IP address (they can visit a site like whatismyip.com)
  • The exact error message or page they see
  • Their browser and device type
  • Whether they are using a VPN or proxy
  • A screenshot of the blocked page if possible

Test Using a VPN

If you want to simulate the experience yourself:

  1. Use a VPN service to connect from the same region or through a similar IP range
  2. Visit your store and note what you see
  3. Check your blocking logs afterward to confirm whether the visit was blocked and which rule triggered

Use SecurEcommerce’s Test Feature

SecurEcommerce includes a built-in IP testing tool:

  1. Go to Tools > IP Lookup
  2. Enter the IP address in question
  3. The tool will show you whether the IP would be blocked under your current rules and which specific rule applies
  4. This lets you test without needing external access

Step 5: Resolve the Issue

Once you have confirmed that an IP is blocked and understand why, you can take the appropriate action.

Whitelist the IP

If the blocked visitor is legitimate (a customer, partner, or supplier):

  1. Go to Blocking > IP Whitelist
  2. Click Add IP
  3. Enter the IP address
  4. Add a descriptive note (e.g., “John Smith - business partner, added 2026-02-01”)
  5. Click Save

Whitelisted IPs bypass all blocking rules, so only whitelist IPs you trust. For a more detailed walkthrough, see the Whitelist Trusted IPs guide.

Adjust Blocking Rules

If the block was caused by an overly broad rule, consider adjusting it rather than whitelisting individual IPs:

  • Country blocking too aggressive? Switch from allowlist to blocklist mode, or remove the specific country
  • VPN blocking catching legitimate users? Change the VPN action from “Block” to “Show warning” so real customers can still proceed
  • CIDR range too wide? Narrow the range to target only the problematic IPs

Communicate with the Visitor

Once you have resolved the issue, let the affected person know:

  • Confirm they should now have access
  • Ask them to clear their browser cache and try again
  • Provide your support contact in case the issue recurs

Common Reasons IPs Get Blocked

Understanding the most frequent causes of IP blocks can help you troubleshoot faster in the future.

Geographic Restrictions

The visitor’s IP is geolocated to a country you have blocked. This is the most common cause of unexpected blocks, especially for travelers or people using regional ISPs that route traffic through other countries.

VPN or Proxy Usage

Many privacy-conscious users browse through VPNs. If you have VPN blocking enabled, these visitors will be blocked even if they are in an allowed country. Corporate networks sometimes route traffic through VPN-like infrastructure as well.

Shared or Recycled IPs

IP addresses are frequently reused. An IP that was previously associated with malicious activity might now belong to a legitimate user. Cloud hosting providers and mobile carriers often recycle IPs rapidly.

Automated Bot Detection

SecurEcommerce’s bot detection may flag unusual browsing patterns. Visitors using accessibility tools, automated testing software, or certain browser extensions can occasionally trigger these detections.

Manual Block from a Previous Incident

Someone on your team may have manually blocked the IP during a past security incident and the block was never removed. This is why documenting the reason for every manual block is important.

Tips for Preventing False Positives

  • Review your blocklist quarterly — Remove entries that are no longer relevant
  • Use warning mode before full blocking — Especially for VPN detection, start with warnings to gauge the impact
  • Document every manual block — Always include a note explaining who added the block and why
  • Monitor your blocking logs regularly — Catch patterns before they become customer complaints
  • Keep your whitelist current — Add known partner and supplier IPs proactively

What’s Next

Now that you know how to check and resolve IP blocks, explore these related guides:

Related Guides

Guide

Whitelist Trusted IPs

Allow specific IP addresses to bypass blocking. Useful for partners, suppliers, and verified customers.

Read more Guide

Configure Access Blocking

Set up blocking rules to control who can access your Shopify store. Block by country, VPN, IP, and more.

Read more Guide

Review Your Blocked Traffic

Blocking rules can accidentally turn away real customers. Review your blocked traffic logs to catch false positives and optimize your security settings.

Read more

Let SecurEcommerce Handle This For You

This guide works, but it takes time. SecurEcommerce automates security so you can focus on growing your business.

Install SecurEcommerce Free
★★★★★ 5/5 on Shopify 7-day free trial No credit card required