Anti-DDoS Pro provides a blacklist and whitelist, which allows you to block and allow accesses to specified domains.
- Requests from IPs (or IP segments) that are added to the whitelist are permitted to access the target domain, and are not subject to any protection policies.
- Requests from IPs (or IP segments) that are added to the blacklist are blocked from accessing the target domain.
Note: Blacklist and whitelist are effective for only the target domain, not for the whole Anti-DDoS Pro instance. You can separately add up to 200 IPs (or IP segments) to the blacklist or whitelist for a single domain.
You can add those malicious IPs that have huge access to the blacklist for blocking, and add those IPs within your internal office network, IPs called by business APIs or other trusted normal IPs to the whitelist. Requests from IPs (or IP segments) in the whitelist are permitted to access the protected domain, and are not blocked.
Log on to the Anti-DDoS Pro console.
Go to Protection>Setting>Web Attack Protection page, select Instance, and select Domain.
Note: You can also go to Access>Web Service page, locate a protected domain, and click Setting under the Policy column, to open the Web Attack Protection page for the domain.
Locate the Black & White List area, click Settings.
Note: To set the blacklist or whitelist, you have to enable HTTP Flood Protection.
- Select the Blacklist tab, add malicious IPs (or IP segments) to be blocked, and then click Save.
Select the Whitelist tab, add IPs (or IP segments) that are permitted to access the domain, and then click Save.
Note: You can configure a maximum of 200 records each by using both individual IP address and IP/mask.
- Blacklist/Whitelist is not applicable to Non-Web Service.
- Blacklist/Whitelist is effective immediately if it is successfully configured. However, it becomes invalid when the configuration is deleted.
- Changes in the blacklist/whitelist affect all Anti-DDoS Pro IP addresses assigned to the target domain name in the forwarding rule configurations.