[Upgrade] Web Application Firewall Notification of New Back-to-Origin CIDR Blocks
May 08, 2026
Web Application Firewall
Affected Time
Change details
The Web Application Firewall product plans to add back-to-origin IP CIDR blocks on May 28, 2026. This update includes 13 new back-to-origin CIDR blocks:
The Chinese mainland:
47.109.121.0/24, 8.137.30.0/24, 2408:4006:1281:2100::/56
Outside the Chinese mainland:
8.221.179.0/24, 8.209.48.128/25, 8.213.181.0/24, 240b:4009:219:2100::/56, 240b:4001:2b6:f200::/56, 240b:400e:163:d00::/56, 240b:400b:60:a800::/56, 240b:4000:14:3200::/56, 240b:4005:19b:9300::/56, 240b:4004:cc:2a00::/56
Change response
The WAF console and OpenAPI now provide the latest back-to-origin CIDR block information:
- If you are using WAF 2.0, you can manually view all back-to-origin CIDR blocks in the WAF console > Product Information > Back-to-Origin IP Segments, and then update the whitelist policy for the back-to-origin CIDR blocks on the server side.
- If you are using WAF 3.0, you can manually view all back-to-origin CIDR blocks in the WAF console > Provisioning > Web Application Firewall Back-to-origin IP CIDR Block List, and then update the whitelist policy for the back-to-origin CIDR blocks on the server side.
- If you use OpenAPI to obtain the latest back-to-origin CIDR blocks and add them automatically, you can manually trigger the call or set up automatic invocation, depending on how you invoke OpenAPI, to update the whitelist policy.
See the help documentation for detailed steps and troubleshooting.
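To confirm which of the blocks listed above an origin-side whitelist still lacks, the following added example (not part of the original notice or of the WAF product) compares the 13 announced CIDR blocks against an allowlist and reports the ones not fully covered. The function names and the sample allowlist are constructed for illustration; replace the sample with the entries exported from your own firewall or security group.

```python
import ipaddress

# Back-to-origin CIDR blocks announced in this notice (effective May 28, 2026).
ANNOUNCED = """
47.109.121.0/24 8.137.30.0/24 2408:4006:1281:2100::/56
8.221.179.0/24 8.209.48.128/25 8.213.181.0/24
240b:4009:219:2100::/56 240b:4001:2b6:f200::/56 240b:400e:163:d00::/56
240b:400b:60:a800::/56 240b:4000:14:3200::/56 240b:4005:19b:9300::/56
240b:4004:cc:2a00::/56
""".split()


def parse(entries):
    """Parse CIDR strings; strict=True rejects entries with host bits set."""
    return [ipaddress.ip_network(e.strip(), strict=True)
            for e in entries if e.strip()]


def missing_blocks(announced, allowlist):
    """Return announced blocks that the allowlist does not fully cover."""
    allowed = parse(allowlist)
    collapsed = {}
    for version in (4, 6):
        # Merge adjacent and nested entries so that, for example, two /25
        # rules count as covering the /24 they add up to.
        same = [n for n in allowed if n.version == version]
        collapsed[version] = list(ipaddress.collapse_addresses(same))
    return [str(net) for net in parse(announced)
            if not any(net.subnet_of(a) for a in collapsed[net.version])]


# Constructed sample allowlist (hypothetical; not taken from the notice).
SAMPLE_ALLOWLIST = [
    "47.109.121.0/24",                      # exact match
    "8.137.0.0/16",                         # broader rule covering 8.137.30.0/24
    "8.221.179.0/25", "8.221.179.128/25",   # two halves that cover the /24
    "8.209.48.128/26",                      # half of the /25 only: still missing
    "2408:4006:1281:2100::/56",
    "240b:4009:219:2100::/64",              # one /64 does not cover the /56
]

if __name__ == "__main__":
    for cidr in missing_blocks(ANNOUNCED, SAMPLE_ALLOWLIST):
        print("not covered by origin allowlist:", cidr)
```

A block that is only partly covered is reported as missing, because requests from the uncovered part of the range would still be dropped at the origin.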
If you have any questions, feel free to contact us through the DingTalk security service group or by submitting a ticket. Thank you for your support and cooperation.