An address book contains a number of IP addresses, port numbers, or domain names. You can configure address books in the Cloud Firewall console to simplify the configuration of access control policies. You can add trusted or untrusted addresses to an address book. This topic describes how to create, view, modify, and export an address book.
Background information
The threat intelligence feature of Cloud Firewall synchronizes malicious IP addresses and domain names that are detected across Alibaba Cloud to cloud address books. Cloud Firewall also adds the back-to-origin CIDR blocks of your Anti-DDoS Pro or Anti-DDoS Premium instances and Web Application Firewall (WAF) instances to cloud address books. You can configure fine-grained access control policies based on these cloud address books.
- Allow traffic of IP addresses and domain names in address books.
- Deny traffic of IP addresses and domain names in address books.
- One IP address or port number can be added to multiple address books.
- Cloud Firewall provides built-in global address books. You cannot modify or delete the global address books.
- You cannot modify or delete cloud address books.
- If you change the IP addresses, domain names, or port numbers in an address book, the changes are automatically updated in the access control policies that reference the address book.
Limits
- IPv4 address book: If you set Address Book Type to IP Addresses, you can add up to 2,000 IPv4 addresses to each address book. If you set Address Book Type to ECS Tags, you can add up to 500 Elastic Compute Service (ECS) tags to each address book.
- IPv6 address book: You can add up to 2,000 IPv6 addresses to each address book.
- Port address book: You can add up to 50 ports to each address book.
- Domain address book: You can add up to 2,000 domain names to each address book.
Procedure
- On the Access Control page, click the Internet Firewall tab. Then, click Address Books above the policy list.
- In the dialog box that appears, manage address books. You can perform the following operations:
- Create an address book
You can add trusted or untrusted addresses to an address book based on the configuration requirements of an access control policy. You can create the following types of address books: IPv4 Address Books, IPv6 Address Books, Port Address Books, and Domain Address Books. For more information, see Create an address book.
- View and modify an address book
Click the IPv4 Address Books, IPv6 Address Books, Port Address Books, or Domain Address Books tab based on your business requirements. On the tab that appears, find the address book that you want to view and modify. Then, click Modify in the Actions column to view and modify the address book.
Note You cannot change the value of the Address Book Type parameter. - View a cloud address book
On the Cloud Address Books tab, view the name, type, number of references, and description of a cloud address book. You can also view the IP address or domain name in a cloud address book.
Find a cloud address book and click View in the Actions column to view the configurations of the cloud address book.
- Delete an address book
Click the IPv4 Address Books, IPv6 Address Books, Port Address Books, or Domain Address Books tab based on your business requirements. On the tab that appears, find the address book that you want to delete. Then, click Delete in the Actions column. In the message that appears, click OK.
Note You cannot delete an address book that is being referenced by access control policies. - Export an address book
In the upper-right corner of an address book list, click the
icon to export the address books.
- Create an address book
Create an address book
- In the Create Address Book, Create Port Address Book or Create Domain Address Book dialog box, configure the parameters. The following table describes the parameters.
- IPv4 Address Books
- IPv6 Address Books
- Port Address Books
- Domain Address Books
Type Parameter Description IPv4 address book Address Book Type Select the type of the IP address book. Valid values: - IP Addresses
- ECS Tags
IP Address Enter one or more CIDR blocks. Note If you set Address Book Type to IP Addresses, this parameter is required. Separate multiple CIDR blocks with commas (,).Add ECS of Specified Tags Specifies whether to automatically add the public IP addresses of ECS instances to the address book if the ECS instances match the specified tags. By default, the switch is turned on. The switch cannot be turned off. Note If you set Address Book Type to ECS Tags, this parameter is required.ECS Tags Select the tags and the values of the tags. The tags must be created within your Alibaba Cloud account and added to ECS instances. Cloud Firewall automatically adds the public IP addresses of the ECS instances that match the specified tags to an address book. If you want to select more than one tag, you can click Add Tag.
After a tag is added, the information about the ECS instances that match the tag appears. The information includes the name of the virtual private cloud (VPC) and the IP address of each ECS instance.
Note If you set Address Book Type to ECS Tags, this parameter is required.IPv6 address book IPv6 Address Enter one or more IPv6 CIDR blocks. Separate multiple IPv6 CIDR blocks with commas (,). Port address book Ports Enter one or more port numbers. Separate multiple port numbers with commas (,). Domain address book Domain Enter one or more domain names. Separate multiple domain names with commas (,). Common parameters Address Book Name Enter an informative name for the address book to help you identify the address book. Description Enter the information about the address book and scenarios in which you can use the address book. - IPv4 Address Books