An address book contains a number of IP addresses, port numbers, or domain names. You can configure address books in the Cloud Firewall console to simplify the configuration of access control policies. You can add trusted or untrusted addresses to an address book. This topic describes how to create, view, modify, and export an address book.

Background information

The threat intelligence feature of Cloud Firewall synchronizes malicious IP addresses and domain names that are detected across Alibaba Cloud to cloud address books. Cloud Firewall also adds the back-to-origin CIDR blocks of your Anti-DDoS Pro or Anti-DDoS Premium instances and Web Application Firewall (WAF) instances to cloud address books. You can configure fine-grained access control policies based on these cloud address books.

When you configure access control policies, you can perform the following operations:
  • Allow traffic of IP addresses and domain names in address books.
  • Deny traffic of IP addresses and domain names in address books.
Note
  • One IP address or port number can be added to multiple address books.
  • Cloud Firewall provides built-in global address books. You cannot modify or delete the global address books.
  • You cannot modify or delete cloud address books.
  • If you change the IP addresses, domain names, or port numbers in an address book, the changes are automatically updated in the access control policies that reference the address book.

Limits

You can create up to 5,000 address books. The number of addresses that can be added to an address book varies based on the type of the address book:
  • IPv4 address book: If you set Address Book Type to IP Addresses, you can add up to 2,000 IPv4 addresses to each address book. If you set Address Book Type to ECS Tags, you can add up to 500 Elastic Compute Service (ECS) tags to each address book.
  • IPv6 address book: You can add up to 2,000 IPv6 addresses to each address book.
  • Port address book: You can add up to 50 ports to each address book.
  • Domain address book: You can add up to 2,000 domain names to each address book.

Procedure

  1. Log on to the Cloud Firewall console.
  2. In the left-side navigation pane, choose Access Control > Access Control.
  3. On the Access Control page, click the Internet Firewall tab. Then, click Address Books above the policy list.
  4. In the dialog box that appears, manage address books.
    You can perform the following operations:
    • Create an address book

      You can add trusted or untrusted addresses to an address book based on the configuration requirements of an access control policy. You can create the following types of address books: IPv4 Address Books, IPv6 Address Books, Port Address Books, and Domain Address Books. For more information, see Create an address book.

    • View and modify an address book

      Click the IPv4 Address Books, IPv6 Address Books, Port Address Books, or Domain Address Books tab based on your business requirements. On the tab that appears, find the address book that you want to view and modify. Then, click Modify in the Actions column to view and modify the address book.

      Note: You cannot change the value of the Address Book Type parameter.
    • View a cloud address book

      On the Cloud Address Books tab, view the name, type, number of references, and description of a cloud address book. You can also view the IP address or domain name in a cloud address book.

      Find a cloud address book and click View in the Actions column to view the configurations of the cloud address book.

    • Delete an address book

      Click the IPv4 Address Books, IPv6 Address Books, Port Address Books, or Domain Address Books tab based on your business requirements. On the tab that appears, find the address book that you want to delete. Then, click Delete in the Actions column. In the message that appears, click OK.

      Note: You cannot delete an address book that is being referenced by access control policies.
    • Export an address book

      In the upper-right corner of an address book list, click the Download icon to export the address books.

Create an address book

  1. Click the IPv4 Address Books, IPv6 Address Books, Port Address Books, or Domain Address Books tab based on your business requirements. In the upper-right corner of the tab that appears, click Create Address Book.
  2. In the Create Address Book, Create Port Address Book or Create Domain Address Book dialog box, configure the parameters. The following table describes the parameters.
    | Type | Parameter | Description |
    | --- | --- | --- |
    | IPv4 address book | Address Book Type | Select the type of the IP address book. Valid values: IP Addresses, ECS Tags. |
    | | IP Address | Enter one or more CIDR blocks. Note: If you set Address Book Type to IP Addresses, this parameter is required. Separate multiple CIDR blocks with commas (,). |
    | | Add ECS of Specified Tags | Specifies whether to automatically add the public IP addresses of ECS instances to the address book if the ECS instances match the specified tags. By default, the switch is turned on. The switch cannot be turned off. Note: If you set Address Book Type to ECS Tags, this parameter is required. |
    | | ECS Tags | Select the tags and the values of the tags. The tags must be created within your Alibaba Cloud account and added to ECS instances. Cloud Firewall automatically adds the public IP addresses of the ECS instances that match the specified tags to an address book. If you want to select more than one tag, you can click Add Tag. After a tag is added, the information about the ECS instances that match the tag appears. The information includes the name of the virtual private cloud (VPC) and the IP address of each ECS instance. Note: If you set Address Book Type to ECS Tags, this parameter is required. |
    | IPv6 address book | IPv6 Address | Enter one or more IPv6 CIDR blocks. Separate multiple IPv6 CIDR blocks with commas (,). |
    | Port address book | Ports | Enter one or more port numbers. Separate multiple port numbers with commas (,). |
    | Domain address book | Domain | Enter one or more domain names. Separate multiple domain names with commas (,). |
    | Common parameters | Address Book Name | Enter an informative name for the address book to help you identify the address book. |
    | | Description | Enter the information about the address book and scenarios in which you can use the address book. |
  3. Click Submit.
    After an address book is created, it is displayed in the address book list. You can view the name, number of references, and description of the address book. You can also delete or modify the address book.
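
The following pre-submission check is an added example, not part of Cloud Firewall or its documentation: it validates a comma-separated entry string against the per-book limits listed under Limits and the comma separator described in the parameter table. The function names, the hostname pattern, the 1-65535 port range, and the rejection of /0 blocks are assumptions of this example; ECS tag address books are not covered.

```python
import ipaddress
import re

# Per-address-book limits stated in the Limits section of this page.
LIMITS = {"ipv4": 2000, "ipv6": 2000, "port": 50, "domain": 2000}

# Assumption: plain hostnames only (letters, digits, hyphens per label).
_DOMAIN = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def _normalize(kind, item):
    """Return the canonical form of one entry or raise ValueError."""
    if kind in ("ipv4", "ipv6"):
        net = ipaddress.ip_network(item, strict=False)  # clears host bits
        if net.version != (4 if kind == "ipv4" else 6):
            raise ValueError("wrong IP version for this address book")
        # Assumption: a /0 block in a policy matches every address, so
        # this example flags it for review instead of passing it through.
        if net.prefixlen == 0:
            raise ValueError("matches every address")
        return str(net)
    if kind == "port":
        if not item.isdigit() or not 1 <= int(item) <= 65535:
            raise ValueError("not a port number in 1-65535")
        return str(int(item))
    if kind == "domain":
        name = item.lower().rstrip(".")
        if not _DOMAIN.match(name):
            raise ValueError("not a plain hostname")
        return name
    raise ValueError("unknown address book type")

def check_entries(kind, text):
    """Validate a comma-separated entry string; return (entries, problems)."""
    entries, problems = [], []
    for item in (raw.strip() for raw in text.split(",") if raw.strip()):
        try:
            value = _normalize(kind, item)
        except ValueError as exc:
            problems.append(f"{item}: {exc}")
            continue
        if value in entries:
            problems.append(f"{item}: duplicate of {value}")
        else:
            entries.append(value)
    if kind in LIMITS and len(entries) > LIMITS[kind]:
        problems.append(
            f"{len(entries)} entries exceed the limit of {LIMITS[kind]}")
    return entries, problems
```

Join the returned entries with commas to get a string that can be pasted into the IP Address, IPv6 Address, Ports, or Domain field.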