An address book contains a number of IP addresses, port numbers, or domain names. You can configure address books in the Cloud Firewall console to simplify the configuration of access control policies. You can add trusted or untrusted addresses to an address book. This topic describes how to create, view, modify, and export an address book.
Background information
The threat intelligence feature of Cloud Firewall synchronizes malicious IP addresses and domain names that are detected across Alibaba Cloud to cloud address books. Cloud Firewall also adds the back-to-origin CIDR blocks of your Anti-DDoS Pro or Anti-DDoS Premium instances and Web Application Firewall (WAF) instances to cloud address books. You can configure fine-grained access control policies based on these cloud address books.
- Allow traffic of IP addresses and domain names in address books.
- Deny traffic of IP addresses and domain names in address books.
- One IP address or port number can be added to multiple address books.
- Cloud Firewall provides built-in global address books. You cannot modify or delete the global address books.
- You cannot modify or delete cloud address books.
- If you change the IP addresses, domain names, or port numbers in an address book, the changes are automatically applied to every access control policy that references the address book.
Limits
- IPv4 address book: If you set Address Book Type to IP Addresses, you can add up to 2,000 IPv4 addresses to each address book. If you set Address Book Type to ECS Tags, you can add up to 500 Elastic Compute Service (ECS) tags to each address book.
- IPv6 address book: You can add up to 2,000 IPv6 addresses to each address book.
- Port address book: You can add up to 50 ports to each address book.
- Domain address book: You can add up to 2,000 domain names to each address book.
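The following pre-flight check is an added example, not Alibaba Cloud code: it validates a candidate IP list, removes duplicates, and splits it into address books that each stay within the 2,000-address limit stated above. The function names, the `blocklist` name prefix, the canonical CIDR output form, and the rule that each address or CIDR block counts as one entry are assumptions. It calls no Cloud Firewall API.

```python
import ipaddress

# Per-book limits for IP address books, from the Limits section above.
LIMITS = {"ipv4": 2000, "ipv6": 2000}


def normalize_ip_entries(raw_entries):
    """Validate and de-duplicate entries; return (by_family, rejected)."""
    by_family = {"ipv4": [], "ipv6": []}
    seen, rejected = set(), []
    for raw in raw_entries:
        text = raw.strip()
        if not text:
            continue
        try:
            # strict=True rejects CIDRs with host bits set (10.0.0.5/24), so a
            # typo cannot silently turn into a wider range in a policy.
            net = ipaddress.ip_network(text, strict=True)
        except ValueError:
            rejected.append(text)
            continue
        if net not in seen:
            seen.add(net)
            by_family[f"ipv{net.version}"].append(str(net))
    return by_family, rejected


def plan_address_books(raw_entries, name_prefix="blocklist"):
    """Split validated entries into books that each respect the limit."""
    by_family, rejected = normalize_ip_entries(raw_entries)
    plan = {}
    for family, entries in by_family.items():
        limit = LIMITS[family]
        for start in range(0, len(entries), limit):
            plan[f"{name_prefix}-{family}-{start // limit + 1}"] = entries[start:start + limit]
    return plan, rejected


def sample_entries():
    """Constructed input: 2,001 IPv4 hosts, a duplicate, two IPv6, two bad."""
    hosts = [str(ipaddress.ip_address("10.0.0.0") + i) for i in range(2001)]
    return hosts + [" 10.0.0.0 ", "2001:db8::1", "2001:db8::/32", "10.0.0.5/24", "not-an-ip"]


if __name__ == "__main__":
    books, bad = plan_address_books(sample_entries())
    for name, entries in books.items():
        print(name, len(entries))
    print("rejected:", bad)
```

Review the rejected list by hand before import; an entry dropped from a deny list is traffic that stays allowed.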