After you add a website to WAF, you can enable the IP blacklist feature. The IP blacklist blocks the access requests from the specified IP addresses and CIDR blocks. It also blocks the access requests from IP addresses in specified regions. You can specify the IP addresses, CIDR blocks, and regions as needed.
- A Web Application Firewall instance is available. For more information, see Activate a WAF instance.
- The website is associated with the Web Application Firewall instance. For more information, see Add domain names.
- If the billing method of the instance is subscription, the edition of the instance must be Business or Enterprise.
The IP blacklist includes the common IP blacklist and the area-based IP blacklist.
- The common IP blacklist: Blocks access requests from specified IP addresses and CIDR blocks.
- The area-based IP blacklist: Blocks the access requests of which the source IP addresses
are from specified regions. You can specify 247 countries and regions as blocked regions,
including Hong Kong (China), Macau (China), Taiwan (China), and provinces in mainland
For more information about the source regions of IP addresses, see Taobao IP address library.
- Log on to the Web Application Firewall console.
- In the top navigation bar, select the resource group to which the instance belongs and the region, Mainland China or International, in which the instance is deployed.
- In the left-side navigation pane, choose .
- In the upper part of the Website Protection page, select the domain name for which you want to configure the whitelist.
- Click the Access control/Throttling tab and find the IP Blacklist section in the Access Control/Throttling module. Turn on the Status switch and click Settings.
- In the IP Blacklist section, configure the IP Blacklist and the Area-based IP Blacklist.
After you turn on the status switch, all the access requests from the IP addresses in the blacklist are automatically blocked.
- IP Blacklist: Enter the IP addresses that you want to block and click Save at the bottom. Separate multiple IP addresses with a comma (,). You can add a maximum of 200 IP addresses.
- Area-based IP Blacklist: Select the regions that you want to block from Inside China or Outside China and click Save at the bottom.
- If you want more precise access control based on the IP blacklist, we recommend that you create custom protection policies. For more information, see Create a custom protection policy.
- If you want to limit the access traffic of a specified IP address, we recommend that you configure the access control or throttling whitelist. For more information, see Configure the access control and throttling whitelist.