You can set a whitelist or blacklist by configuring HTTP ACL policies in WAF. A whitelist or blacklist takes effect only on the specific domain that has the HTTP ACL policy configured.
Log on to the Alibaba Cloud console.
Go to the Security > Web Application Firewall > Management > Website Configuration page, find the domain that you want to add a whitelist or blacklist for, and click Policies.
Enable HTTP ACL Policy, and then click Settings.
Click Add Rule to add a new ACL rule. For example, allow all requests from IP 184.108.40.206.
Note: If you want to allow all requests from this IP, do not select any “proceed to …” protection options in the Add Rule dialog box. If any protection option is selected, some requests from this IP can still be blocked by those protection rules.
Similarly, you can follow this procedure to set a blacklist for a specific domain.
Multiple matching conditions in one rule are combined with “and”. Thus, if you want to whitelist or blacklist multiple IPs/IP segments, you have to create multiple HTTP ACL rules.
Note: The IP matching field in HTTP ACL rules supports mask format (for example, 220.127.116.11/24 is supported), and the logical operator supports “not have”. For example, you can refer to the following rule configuration when you want to allow only requests from a specific IP segment to reach one domain.
There is a priority among multiple HTTP ACL rules. WAF applies the HTTP ACL rules according to the displayed sequence (from top to bottom) of HTTP ACL rules in the HTTP ACL Policy list. Additionally, you can click Sort Rules to adjust the priority among the HTTP ACL rules.
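The rule semantics described above (conditions in one rule combined with “and”, mask format, “not have”, top-to-bottom order), as an added Python model that is not Alibaba Cloud code. The field, operator and action strings, the rule names, and the first-match-decides behaviour are assumptions of this sketch; 198.51.100.7 and the request addresses are constructed sample values.

```python
import ipaddress

def ip_in(ip, spec):
    # spec is a single IP or a masked segment such as 220.127.116.11/24
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def condition_holds(request, condition):
    field, operator, value = condition
    if field == "IP":
        hit = ip_in(request["IP"], value)
    else:
        hit = value in request.get(field, "")
    return hit if operator == "has" else not hit  # "not have" inverts the match

def evaluate(rules, request):
    """Walk the rules top to bottom; conditions inside one rule are ANDed."""
    for rule in rules:
        if all(condition_holds(request, c) for c in rule["conditions"]):
            return rule["action"], rule["name"]  # assumption: first match decides
    return "continue", None  # no ACL rule matched

# One rule with two IP conditions: both must hold at once, so it never matches.
ONE_RULE_TWO_IPS = [
    {"name": "allow-both", "action": "allow",
     "conditions": [("IP", "has", "184.108.40.206"), ("IP", "has", "198.51.100.7")]},
]
# One rule per IP, as the page requires.
ONE_RULE_PER_IP = [
    {"name": "allow-a", "action": "allow", "conditions": [("IP", "has", "184.108.40.206")]},
    {"name": "allow-b", "action": "allow", "conditions": [("IP", "has", "198.51.100.7")]},
]
# Only allow one segment: block every source that is NOT in it.
SEGMENT_ONLY = [
    {"name": "block-outside", "action": "block",
     "conditions": [("IP", "not have", "220.127.116.11/24")]},
]

if __name__ == "__main__":
    # Constructed requests; the last column shows the effect of rule order.
    for ip in ("184.108.40.206", "198.51.100.7", "220.127.116.200", "203.0.113.9"):
        req = {"IP": ip, "URL": "/login"}
        print(ip, evaluate(ONE_RULE_TWO_IPS, req), evaluate(ONE_RULE_PER_IP, req),
              evaluate(SEGMENT_ONLY + ONE_RULE_PER_IP, req))
```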