All Products
Search
Document Center

Dynamic Content Delivery Network:Configure an IP address blacklist

Last Updated:Jan 04, 2024

IP address blacklist-based protection policies block requests from specific IPv4 addresses, IPv6 addresses, or CIDR blocks. You can specify the IP addresses or CIDR blocks based on your business requirements.

Prerequisites

Create an IP address blacklist-based protection policy

  1. Log on to the DCDN console.

  2. In the left-side navigation pane, choose WAF > Protection Policies.

  3. On the Protection Policies page, click Create Policy.

  4. On the Create Policy page, configure the parameters. The following table describes the parameters.

    Section

    Parameter

    Description

    Policy Information

    Policy Type

    Select IP Blacklist.

    Policy Name

    The name of the protection policy. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_).

    Make Default

    Specifies whether the current policy is the default policy of the current policy type.

    Note
    • You can specify only one default policy for each policy type. After you specify a default policy, you cannot change the default policy.

    • If you have specified a default policy for the current policy type, this switch is unavailable.

    Rule Information

    Rule

    The information about the current blacklist rule. For more information, see Parameters of an IP address blacklist rule.

    Note

    To increase the quota for the number of rules, submit a ticket.

    Protected Domain Names

    Select Association Mode

    You can associate a protected domain name with multiple policies of the same type. If you have associated a domain name with a policy of the same type, you can add the current policy or replace the existing policy with the current policy. You can only replace the existing policy with the current policy for domain names that are associated with the default policy. Valid values:

    • Add and replace the original associated policy: disassociates the associated policy and replaces the policy with the current policy.

    • Add and keep the original associated policy: adds the current policy and retains the associated policy.

    Protected Domain Names

    The domain names that you want to associate with the current protection policy.

  5. Click Create Policy.

    By default, the protection policy that you created is enabled.

Parameters of an IP address blacklist rule

You can create an IP address blacklist rule when you create an IP address blacklist. You can also create a rule for an existing blacklist. The following table describes the parameters.

IP黑名单

Parameter

Description

Rule Name

The name of the custom rule. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_).

IP Address Blacklist

Enter IP addresses. If a request is sent from one of the specified IP addresses, the request matches the protection rule. You can enter an IP address based on the following descriptions:

  • You can enter IPv4 addresses and IPv6 addresses. Sample IPv4 address: 1.XX.XX.1. Sample IPv6 address: 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff.

  • You can enter CIDR blocks, such as 1.XX.XX.1/16.

  • Separate multiple IP addresses with line feeds or commas (,).

  • You can enter a maximum of 200 IP addresses.

Action

Select the action that you want WAF to perform when a request matches a rule. Valid values:

  • Block: blocks requests that match the rule and returns a block page to the client.

  • Monitor: does not block the request that matches the rule.

In Monitor mode, you can view the protection performance of the rule and check whether the rule blocks normal requests. Then, you can determine whether to set the Action parameter to Block.

Related API operations