Alibaba Cloud CDN supports region denylists and allowlists. After you add regions to a denylist or an allowlist, Alibaba Cloud CDN identifies the source regions of requests and blocks or allows requests from the specified regions. This way, malicious requests can be blocked by region. This topic describes how to configure a region denylist or allowlist.

Notice This feature is unavailable. We recommend that you use the latest edition of DCDN WAF. For more information, see Overview of DCDN WAF (new edition).

Enable the region denylist or allowlist feature

  1. Log on to the Alibaba Cloud CDN console.
  2. In the left-side navigation pane, click Domain Names.
  3. On the Domain Names page, find the domain name that you want to manage and click Manage in the Actions column.
  4. In the left-side navigation pane of the domain name, click Security Settings.
  5. On the Blocked Regions tab, click Modify.
  6. In the Blocking Settings dialog box, configure the Blocking Type and Regions parameters.
    Blocking settings
    Parameter Description
    Blocking Type
    • Denylist

      All requests from the regions in the denylist are blocked.

    • Allowlist

      Only the requests from the regions in the allowlist can access resources on CDN points of presence (POPs).

    The allowlist and denylist are mutually exclusive. Only one of the allowlist and denylist can take effect at a time.

    Regions Add regions to the denylist or allowlist.
  7. Click OK.

Disable the region denylist or allowlist feature

To disable the region denylist or allowlist, click Delete. After you delete the regions from the denylist or allowlist, requests from all regions can access resources on CDN POPs.

Clear the settings