This topic describes how to configure the Blocked Regions (Domain Names) policy in both Anti-DDoS Pro and Anti-DDoS Premium for protected website services. If this policy is configured and enabled, you can block all access requests from IP addresses of specific regions, such as regions inside or outside China.

Prerequisites

  • A website is added to Anti-DDoS Pro or Anti-DDoS Premium and associated with an instance that uses the enhanced function plan. For more information, see Add a website.
  • Protection settings in Anti-DDoS Pro or Anti-DDoS Premium of the latest version are enabled.

Background information

Notice In the top navigation bar of the Anti-DDoS Pro or Anti-DDoS Premium console, you can switch the region (Mainland China and Outside Mainland China), and the system switches between Anti-DDoS Pro and Anti-DDoS Premium accordingly for you to manage and configure Anti-DDoS Pro or Premium instances. Ensure that you switch to the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.

If you set up an Anti-DDoS Pro or Anti-DDoS Premium instance to protect your website service and most requests are sent from regions inside China to your instance, deny requests from regions outside China. You can also block other regions as required. To use this policy, specify the regions that you want to block. Supported regions are as follows:

  • Regions inside China
    Shanghai, Yunnan, Nei Mongol, Beijing, Jilin, Sichuan, Tianjin, Ningxia, Anhui, Shandong, Shaanxi, Shanxi, Guangdong, Guangxi, Xinjiang, Jiangsu, Jiangxi, Hebei, Henan, Zhejiang, Hainan, Hubei, Hunan, Gansu, Fujian, Xizang, Guizhou, Liaoning, Chongqing, Qinghai, Heilongjiang, Hong Kong S.A.R, Macao S.A.R, and Taiwan
  • Regions outside China
    Asia (except for regions inside China), Europe, North America, South America, Africa, Oceania, and Antarctica
Precautions
  • This policy is available only for website services. To protect non-website services, we recommend that you configure the traffic block policies on the Protection for Infrastructure tab. For more information, see Configure diversion from the origin server, which is only supported by Anti-DDoS Pro, and Configure blocked regions.
  • This policy is valid only for domain names. If you need to block regions for different domain names, you must specify the regions you want to block for the domain names separately.
  • This policy only identifies and filters requests from IP addresses that are in the blocked regions. It cannot reduce the volume of transmitted attack traffic.

Procedure

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select the region of your Anti-DDoS instance.
    • Mainland China: Anti-DDoS Pro
    • Outside Mainland China: Anti-DDoS Premium
  3. In the left-side navigation pane, choose Mitigation Settings > General Policies.
  4. On the General Policies page, click the Protection for Website Services tab. On the tab that appears, select the target domain name from the list on the left side.
  5. In the Blocked Regions (Domain Names) section, click Change Settings.Specify the regions you want to block
  6. In the Select Region dialog box, select the regions that you want to block and then click OK.
    As shown in the following figure, requests from regions outside China cannot access your website after you configure the blocked regions.Select Region
  7. Go back to the Blocked Regions (Domain Names) section and turn on Status to apply the configuration.

Result

After this policy is enabled, the configuration takes effect immediately on all Anti-DDoS Pro or Anti-DDoS Premium instances associated with a domain name.