IP blocking helps you automatically block client IP addresses that launch multiple Web attacks on your domain within a short period of time.
- You have bought a monthly or yearly subscription WAF service. For more information, see Activate Alibaba Cloud WAF.
- You have added your domain to WAF for protection. For more information, see the "Configure WAF" part of the "Overview" section in Alibaba Cloud WAF User Guide.
- You have enabled Web application protection and HTTP flood protection. For more information, see Web application protection and HTTP flood protection.
You can enable the IP blocking feature to automatically detect and block client IP addresses that launch multiple Web attacks on your domain within a short period of time. Requests from the blocked IP addresses are rejected during the blocking period. After the blocking period expires, the blocked IP addresses are automatically unblocked. After enabling IP blocking, you can customize a protection rule. For more information, see Step 5. You can also unblock IP addresses manually. For more information, see Step 6.
- Log on to the WAF console.
- In the left-side navigation pane, choose . On the Website Configuration page that appears, select the region of your WAF instance (Mainland China or International).
- Find the domain to be configured in the domain list, and click Policies in the Operation column.
- On the page that appears, scroll down to the Block IPs Initiating High-frequency Web Attacks area and turn on Status to enable IP blocking.
After IP blocking is enabled, the following protection rule takes effect by default: If WAF detects that a client IP address has launched more than 20 Web attacks on the specified domain within 60 seconds, WAF blocks the IP address for 1,800 seconds.
- Optional: You can perform the following steps to customize a protection rule:
- In the Block IPs Initiating High-frequency Web Attacks area, Click Settings.
- In the Rule Setting dialog box that appears, set the following parameters.
Note If you do not know how to set these parameters, set Mode to one of the following values: Flexible Mode, Strict Mode, and Normal Mode. Each of these values correspond to a default protection rule that is configured to a certain degree of strictness. You can adjust the settings in these rules to customize the degree of strictness.
Parameter Description Inspection Time Range The period of time at which WAF checks for Web attacks from client IP addresses on the specified domain. Unit: second. The number of attacks exceeds The maximum number of Web attacks that a client IP address can launch on the specified domain within the specified period of time. If the number of Web attacks from a client IP address exceeds the value of this parameter, WAF blocks this IP address. Blocked IP Addresses The period of time over which a client IP address is blocked. Unit: second.
- Click OK.
- Optional: To manually unblock client IP addresses, click Unblock IP Address in the Block IPs Initiating High-frequency Web Attacks area.