Alibaba Cloud CDN supports region denylists and allowlists. After you add regions to a denylist or an allowlist, Alibaba Cloud CDN identifies the source regions of requests and blocks or allows requests from the specified regions. This way, malicious requests can be blocked by region. This topic describes how to configure a region denylist or allowlist.
Enable the region denylist or allowlist feature
- Log on to the Alibaba Cloud CDN console.
- In the left-side navigation pane, click Domain Names.
- On the Domain Names page, find the domain name that you want to manage and click Manage in the Actions column.
- In the left-side navigation pane of the domain name, click Security Settings.
- On the Blocked Regions tab, click Modify.
- In the Blocking Settings dialog box, configure the Blocking Type and Regions parameters.
Parameter Description Blocking Type
All requests from the regions in the denylist are blocked.
Only the requests from the regions in the allowlist can access resources on CDN points of presence (POPs).
The allowlist and denylist are mutually exclusive. Only one of the allowlist and denylist can take effect at a time.
Regions Add regions to the denylist or allowlist.
- Click OK.
Disable the region denylist or allowlist feature
To disable the region denylist or allowlist, click Delete. After you delete the regions from the denylist or allowlist, requests from all regions can access resources on CDN POPs.