An address book contains a number of IP addresses, port numbers, or domain names. You can configure address books in the Cloud Firewall console to simplify the configuration of access control policies. You can add trusted or untrusted addresses to the same address book. This topic describes how to create, view, modify, and export an address book.
The threat intelligence feature of Cloud Firewall synchronizes malicious IP addresses and domain names that are detected across Alibaba Cloud to cloud address books. Cloud Firewall also adds the back-to-origin CIDR blocks of your Anti-DDoS Pro or Anti-DDoS Premium instances and Web Application Firewall (WAF) instances to cloud address books. You can configure fine-grained access control policies based on these cloud address books.
- Allow traffic of IP addresses and domain names in address books.
- Deny traffic of IP addresses and domain names in address books.
- One IP address or port number can be added to multiple address books.
- Cloud Firewall provides built-in global address books. You cannot modify or delete the global address books.
- You cannot modify or delete cloud address books.
- If you change the IP addresses, domain names, or port numbers in an address book, the changes are automatically updated in the access control policies that reference the address book.
- Log on to the Cloud Firewall console.
- In the left-side navigation pane, choose .
- On the Access Control page, click the Internet Firewall tab. Then, click Address Books above the policy list.
- In the dialog box that appears, manage address books.
You can perform the following operations:
- Create address books
You can add trusted or untrusted addresses to an address book based on the configuration requirements of an access control policy. You can create the following types of address books: IPv4 address books, IPv6 address books, port address books, and domain address books. For more information, see Create an address book.
- View and modify an address book
Click the IPv4 Address Books, IPv6 Address Books, Port Address Books, or Domain Address Books tab based on your business requirements. On the tab that appears, find the required address book. Then, click Modify in the Actions column to view and modify the address book.
Note: You cannot change the type or name of an address book.
- View a cloud address book
On the Cloud Address Books tab, view the name, type, number of references, and description of a cloud address book. You can also view the IP address or domain name in a cloud address book.
Find the required cloud address book and click View in the Actions column to view the configurations of the cloud address book.
- Delete an address book
Click the IPv4 Address Books, IPv6 Address Books, Port Address Books, or Domain Address Books tab based on your business requirements. On the tab that appears, find the address book that you want to delete. Then, click Delete in the Actions column. In the message that appears, click OK to delete the address book.
Note: You cannot delete an address book that is being referenced by access control policies.
- Export an address book
In the upper-right corner of an address book list, click the icon to export the address book.
Create an address book
- Click the IPv4 Address Books, IPv6 Address Books, Port Address Books, or Domain Address Books tab based on your business requirements. In the upper-right corner of the tab that appears, click Create Address Book.
- In the dialog box that appears, configure the parameters. The following table describes the parameters.
- IPv4 Address Books
- IPv6 Address Books
- Port Address Books
- Domain Address Books
| Type | Parameter | Description |
| --- | --- | --- |
| IPv4 address book | Address Book Type | Select the type of the IP address book. Valid values: IP Addresses, ECS Tags. |
| | IP Address | Enter one or more CIDR blocks. Note: If you set Address Book Type to IP Addresses, this parameter is required. Separate multiple CIDR blocks with commas (,). |
| | Add ECS of Specified Tags | Specifies whether to automatically add the public IP addresses of Elastic Compute Service (ECS) instances to the address book if the ECS instances match the specified tags. By default, the switch is turned on. The switch cannot be turned off. Note: If you set Address Book Type to ECS Tags, this parameter is required. |
| | ECS Tags | Select the tags and the values of the tags. The tags must be created within your Alibaba Cloud account and attached to ECS instances. Cloud Firewall automatically adds the public IP addresses of the ECS instances that match the specified tags to an address book. If you want to select more tags, you can click Add Tag. After you select a tag, the information about the ECS instance that matches the tag appears. The information includes the name of the virtual private cloud (VPC) and the IP address. |
| IPv6 address book | IPv6 Address | Enter one or more IPv6 CIDR blocks. Separate multiple IPv6 CIDR blocks with commas (,). |
| Port address book | Ports | Enter one or more port numbers. Separate multiple port numbers with commas (,). |
| Domain address book | Domain | Enter one or more domain names. Separate multiple domain names with commas (,). Each domain name must be unique. |
| Common parameters | Address Book Name | Enter an informative name for the address book to help you identify the address book. |
| | Description | Enter the information about the address book and scenarios in which you can use the address book. |
- Click Submit.
The address book is displayed in the address book list. You can view the name, number of references, and description of the address book. You can also delete or modify the address book.
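Because changes to an address book are applied automatically to every policy that references it, it helps to check the comma-separated values before you click Submit. The following Python sketch is an added example, not Alibaba Cloud code: it lints the IP Address, IPv6 Address, Ports, and Domain fields described in the table above. The "very broad" prefix thresholds, the 1 to 65535 port range, and the case-insensitive domain comparison are assumptions of this example, not documented Cloud Firewall limits.

```python
import ipaddress
BROAD_V4, BROAD_V6 = 8, 32  # assumed review thresholds, not Cloud Firewall limits

def split_field(value):
    """Split a comma-separated console field into trimmed, non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]

def check_cidrs(value, version):
    """Return (networks, findings) for an IPv4 (4) or IPv6 (6) address book."""
    nets, findings = [], []
    for item in split_field(value):
        try:
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            findings.append(f"{item}: not a valid CIDR block")
            continue
        if net.version != version:
            findings.append(f"{item}: wrong IP version for this address book")
            continue
        if ipaddress.ip_interface(item).ip != net.network_address:
            findings.append(f"{item}: host bits set, network is {net}")
        if net.prefixlen < (BROAD_V4 if version == 4 else BROAD_V6):
            findings.append(f"{net}: very broad range, confirm it is intended")
        findings += [f"{net}: overlaps {other}" for other in nets if net.overlaps(other)]
        nets.append(net)
    return nets, findings

def check_ports(value):
    """Return (ports, findings); assumes plain port numbers from 1 to 65535."""
    ports, findings = [], []
    for item in split_field(value):
        if not (item.isascii() and item.isdigit() and 1 <= int(item) <= 65535):
            findings.append(f"{item}: not a valid port number")
        elif int(item) in ports:
            findings.append(f"{item}: duplicate port")
        else:
            ports.append(int(item))
    return ports, findings

def check_domains(value):
    """Return (domains, findings); each domain name must be unique."""
    domains, findings = [], []
    for item in split_field(value):
        name = item.lower().rstrip(".")  # DNS names compare case-insensitively
        if name in domains:
            findings.append(f"{item}: duplicate domain name")
        else:
            domains.append(name)
    return domains, findings
```

For example, `check_cidrs("192.0.2.0/24, 198.51.100.7/24, 192.0.2.128/25", 4)` (constructed input using documentation ranges) reports the host bits in the second entry and the overlap between the first and third.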