All Products
Search
Document Center

Anti-DDoS:Configure the location blacklist feature

Last Updated:Jan 15, 2024

The location blacklist feature allows you to block IP addresses by geographic location with a few clicks. Traffic that is destined for Anti-DDoS Pro or Anti-DDoS Premium are blocked at traffic scrubbing centers. This way, malicious requests are blocked. This topic describes how to configure the location blacklist feature.

Feature description

Anti-DDoS Pro and Anti-DDoS Premium support the location blacklist feature and the location blacklist (domain names) feature.

  • The location blacklist feature: The feature takes effect on all services that are added to an Anti-DDoS Pro or Anti-DDoS Premium instance.

  • The location blacklist (domain names) feature: The feature takes effect only on domain names. For more information, see Configure the location blacklist (domain names) feature.

In most cases, you can configure the location blacklist feature for a port service, and configure the location blacklist (domain names) feature for a website service. If you configure the two features at the same time, the location blacklist feature takes effect at a higher priority.

For example, if you configure the location blacklist feature for an Anti-DDoS Pro or Anti-DDoS Premium instance to block requests from regions outside China, users outside China cannot access domain names that are associated with the instance even if the location blacklist (domain names) feature is configured to allow access from the regions.

Scenario

If all service requests are initiated from regions in China, you can configure the location blacklist feature to block requests from regions outside China.

Validity period

After you configure the location blacklist feature, the configurations are permanently valid.

Location blacklist and near-origin traffic diversion

The location blacklist feature blocks requests from specific locations at traffic scrubbing centers. This feature discards blocked requests near the destination servers. The location blacklist feature can identify and filter requests based on the location of the source IP addresses. This feature cannot reduce the volume of attack traffic. Therefore, the feature is suitable for mitigating connection flood attacks.

The near-origin traffic diversion feature discards requests from specific regions based on the attack source by using core routers on the network provided by an Internet Service Provider (ISP). For more information, see Configure the near-origin traffic diversion feature.

Note

The near-origin traffic diversion feature is available only for Anti-DDoS Pro.

Limits

  • The near-origin traffic diversion feature is available only for an Anti-DDoS Pro instance that uses the Enhanced function plan. If your Anti-DDoS Pro instance uses the Standard function plan, upgrade the instance.

  • You cannot configure the feature for multiple Anti-DDoS Pro or Anti-DDoS Premium instances at a time. You must configure the feature for each Anti-DDoS Pro or Anti-DDoS Premium instance.

Prerequisites

An Anti-DDoS Pro or Anti-DDoS Premium instance that uses the Enhanced function plan is purchased. For more information, see Purchase an Anti-DDoS Pro or Anti-DDoS Premium instance.

Procedure

  1. Log on to the Anti-DDoS Pro console.

  2. In the top navigation bar, select the region of your asset.

    • Anti-DDoS Pro: If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.

    • Anti-DDoS Premium: If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.

    You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.

  3. In the left-side navigation pane, choose Mitigation Settings > General Policies.

  4. On the Protection for Infrastructure tab, select the instance that you want to manage from the list on the left side.

    Note

    You can search for an instance by instance ID or description.

  5. In the Location Blacklist section, click Settings.

  6. In the Configure Location Blacklist panel, select the regions that you want to block and click OK.

  7. Return to the Location Blacklist section and turn on Status for the configurations to take effect.

FAQ

Does Anti-DDoS Pro or Anti-DDoS Premium block access from IP addresses in specific countries outside China or from all IP addresses outside China?