IP blocking helps you automatically block client IP addresses that launch multiple Web attacks on your domain within a short period of time.

Prerequisites

You can enable this feature in Web Application Firewall (WAF) only when the following conditions are met:

Background information

You can enable the IP blocking feature to automatically detect and block client IP addresses that launch multiple Web attacks on your domain within a short period of time. Requests from the blocked IP addresses are rejected during the blocking period. After the blocking period expires, the blocked IP addresses are automatically unblocked. After enabling IP blocking, you can customize a protection rule. For more information, see Step 5. You can also unblock IP addresses manually. For more information, see Step 6.

Procedure

  1. Log on to the WAF console.
  2. In the left-side navigation pane, choose Management > Website Configuration. On the Website Configuration page that appears, select the region of your WAF instance (Mainland China or International).
  3. Find the domain to be configured in the domain list, and click Policies in the Operation column.
  4. On the page that appears, scroll down to the Block IPs Initiating High-frequency Web Attacks area and turn on Status to enable IP blocking.

    After IP blocking is enabled, the following protection rule takes effect by default: If WAF detects that a client IP address has launched more than 20 Web attacks on the specified domain within 60 seconds, WAF blocks the IP address for 1,800 seconds.
  5. Optional: You can perform the following steps to customize a protection rule:
    1. In the Block IPs Initiating High-frequency Web Attacks area, click Settings.
    2. In the Rule Setting dialog box that appears, set the following parameters.
      Note: If you do not know how to set these parameters, set Mode to one of the following values: Flexible Mode, Strict Mode, and Normal Mode. Each of these values corresponds to a default protection rule that is configured to a certain degree of strictness. You can adjust the settings in these rules to customize the degree of strictness.

      | Parameter | Description |
      | --- | --- |
      | Inspection Time Range | The period of time during which WAF checks for Web attacks from client IP addresses on the specified domain. Unit: second. |
      | The number of attacks exceeds | The maximum number of Web attacks that a client IP address can launch on the specified domain within the specified period of time. If the number of Web attacks from a client IP address exceeds the value of this parameter, WAF blocks this IP address. |
      | Blocked IP Addresses | The period of time over which a client IP address is blocked. Unit: second. |


    3. Click OK.
  6. Optional: To manually unblock client IP addresses, click Unblock IP Address in the Block IPs Initiating High-frequency Web Attacks area.
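
To see how the three rule parameters interact before changing them, the following added example (not WAF's own code) replays attack detections against a model of the rule, with the default values from step 4. The class and function names are hypothetical, the sample events are constructed, and the sliding-window counting is an assumption, since the page does not state how WAF measures the inspection time range.

```python
from collections import defaultdict, deque

class IpBlockRule:
    """Toy model of the rule: > max_attacks detections in window_s => block for block_s."""
    def __init__(self, window_s=60, max_attacks=20, block_s=1800):  # defaults from step 4
        self.window_s, self.max_attacks, self.block_s = window_s, max_attacks, block_s
        self.hits = defaultdict(deque)  # ip -> timestamps of recent attack detections
        self.blocked_until = {}         # ip -> time at which the block expires

    def is_blocked(self, ip, now):
        until = self.blocked_until.get(ip)
        if until is not None and now >= until:
            del self.blocked_until[ip]  # blocking period expired: automatic unblock
            return False
        return until is not None

    def record_attack(self, ip, now):
        """Feed one detected attack; return True if the IP is blocked afterwards."""
        if self.is_blocked(ip, now):
            return True
        q = self.hits[ip]
        q.append(now)
        while q and q[0] <= now - self.window_s:  # assumption: window is (now-window_s, now]
            q.popleft()
        if len(q) > self.max_attacks:  # "exceeds": the 21st attack trips the default rule
            self.blocked_until[ip] = now + self.block_s
            q.clear()
            return True
        return False

    def unblock(self, ip):
        """Manual unblock (step 6): drop both the block and the counter."""
        self.blocked_until.pop(ip, None)
        self.hits.pop(ip, None)

def replay(events, rule):
    """events: (timestamp_s, ip) pairs. Returns {ip: [times at which a block started]}."""
    started = defaultdict(list)
    for ts, ip in sorted(events):
        already = rule.is_blocked(ip, ts)
        if rule.record_attack(ip, ts) and not already:
            started[ip].append(ts)
    return dict(started)

# Constructed sample: one burst (21 attacks in 21 s) and one source at exactly 20 in 60 s.
SAMPLE = [(t, "203.0.113.7") for t in range(21)] + [(3 * t, "198.51.100.9") for t in range(20)]

if __name__ == "__main__":
    print(replay(SAMPLE, IpBlockRule()))
```

Replaying your own attack log through the model with candidate values shows which client IP addresses a stricter or looser rule would block, and for how long, before you apply the setting.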