After you add a website to WAF, you can enable the IP blacklist feature. The IP blacklist blocks the access requests from the specified IP addresses and CIDR blocks. It also blocks the access requests from IP addresses in specified regions. You can specify the IP addresses, CIDR blocks, and regions as needed.

Notice This topic uses the new version of the WAF console released in January 2020. If the WAF instance was created before January 2020, see Configure a whitelist or blacklist and Blocked regions.


  • A Web Application Firewall instance is available. For more information, see Activate a WAF instance.
  • The website is associated with the Web Application Firewall instance. For more information, see Add domain names.
  • If the billing method of the instance is subscription, the edition of the instance must be Business or Enterprise.

Background information

The IP blacklist includes the common IP blacklist and the area-based IP blacklist.

  • The common IP blacklist: Blocks access requests from specified IP addresses and CIDR blocks.
  • The area-based IP blacklist: Blocks the access requests of which the source IP addresses are from specified regions. You can specify 247 countries and regions as blocked regions, including Hong Kong (China), Macau (China), Taiwan (China), and provinces in mainland China.

    For more information about the source regions of IP addresses, see Taobao IP address library.


  1. Log on to the Web Application Firewall console.
  2. In the top navigation bar, select the resource group to which the instance belongs and the region, Mainland China or International, in which the instance is deployed.
  3. In the left-side navigation pane, choose Protection Settings > Website Protection.
  4. In the upper part of the Website Protection page, select the domain name for which you want to configure the whitelist.Switch Domain Name
  5. Click the Access control/Throttling tab and find the IP Blacklist section in the Access Control/Throttling module. Turn on the Status switch and click Settings.The IP blacklist
  6. In the IP Blacklist section, configure the IP Blacklist and the Area-based IP Blacklist.
    • IP Blacklist: Enter the IP addresses that you want to block and click Save at the bottom. Separate multiple IP addresses with a comma (,). You can add a maximum of 200 IP addresses.Configure the IP blacklist
    • Area-based IP Blacklist: Select the regions that you want to block from Inside China or Outside China and click Save at the bottom.The area-based IP blacklist
    After you turn on the status switch, all the access requests from the IP addresses in the blacklist are automatically blocked.

See also