This topic describes how to configure the Black Lists and White Lists (Domain Names) policy in Anti-DDoS Pro or Anti-DDoS Premium to protect website services. After you enable this policy, access requests from the IP addresses or CIDR blocks in the blacklist are blocked, while access requests from the IP addresses or CIDR blocks in the whitelist are allowed.

Prerequisites

A website is added to Anti-DDoS Pro or Anti-DDoS Premium. For more information, see Add a website.

Background information

Notice In the top navigation bar of the Anti-DDoS Pro or Anti-DDoS Premium console, you can switch the region (Mainland China and Outside Mainland China), and the system switches between Anti-DDoS Pro and Anti-DDoS Premium accordingly for you to manage and configure Anti-DDoS Pro or Premium instances. Ensure that you switch to the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.

After you set up an Anti-DDoS Pro or Anti-DDoS Premium instance to protect website services, you can add malicious IP addresses to the blacklist to block requests from them. You can add trusted IP addresses to the whitelist. Requests received from whitelisted IP addresses are forwarded directly to the website.

Precautions
  • You can only enable the Black Lists and White Lists (Domain Names) policy for website services. You can configure a blacklist or whitelist on the Protection for Infrastructure tab for non-website services. For more information, see Configure a blacklist or whitelist for destination IP addresses.
    Note The Black Lists and White Lists (Destination IP) policy is available only for Anti-DDoS Pro.
  • The Black Lists and White Lists (Domain Names) policy only takes effect on a single domain name. It does not take effect on an Anti-DDoS Pro or Anti-DDoS Premium instance.
  • You can configure up to 200 IP addresses or CIDR blocks in a blacklist or whitelist for a domain name.

Procedure

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select the region of your Anti-DDoS instance.
    • Mainland China: Anti-DDoS Pro
    • Outside Mainland China: Anti-DDoS Premium
  3. In the left-side navigation pane, choose Mitigation Settings > General Policies.
  4. On the General Policies page, click the Protection for Website Services tab and select the target domain name from the list on the left side.
  5. In the Black Lists and White Lists (Domain Names) section, click Change Settings.Select the target domain name
  6. In the Blacklist and Whitelist Settings dialog box, configure the blacklist and whitelist and then click OK.
    • On the Blacklist tab, enter the malicious IP addresses or CIDR blocks that you want to block.
    • On the Whitelist tab, enter the IP addresses or CIDR blocks that you want to allow to pass through.
    Note
    • You can enter IP addresses or CIDR blocks. CIDR blocks must be in the format of IP address/Subnet mask.
    • You can add up to 200 IP addresses or CIDR blocks to a whitelist or blacklist. Separate multiple IP addresses or CIDR blocks with commas (,).
    • You can add 0.0.0.0/0 to the blacklist to block requests from all IP addresses except those added to the whitelist.
    Blacklist and Whitelist Settings
  7. Go back to the Black Lists and White Lists (Domain Names) section and turn on Status to apply the settings.
    Note If you use an earlier version, you must enable HTTP flood prevention for the blacklist and whitelist to take effect.

Result

After the policy is enabled, the settings apply to each Anti-DDoS Pro or Anti-DDoS Premium instance associated with domain names and take effect on access to the domain names immediately.
Note In some situations, the Black Lists and White Lists (Domain Names) policy takes effect only after your instance receives and processes certain inbound traffic. If the settings do not take effect after the policy is enabled, you can access the domain names several times to initiate the settings.