This topic describes how to configure the Black Lists and White Lists (Domain Names) policy in Anti-DDoS Pro or Anti-DDoS Premium to protect website services. After you enable this policy, access requests from the IP addresses or CIDR blocks in the blacklist are blocked, while access requests from the IP addresses or CIDR blocks in the whitelist are allowed.

Prerequisites

A website is added to Anti-DDoS Pro or Anti-DDoS Premium. For more information, see Add a website.

Background information

Notice In the top navigation bar of the Anti-DDoS Pro or Anti-DDoS Premium console, you can select the Chinese Mainland or Outside Chinese Mainland region to switch between the Anti-DDoS Pro and Anti-DDoS Premium consoles. Then, you can configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances based on your business requirements. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.

After you set up an Anti-DDoS Pro or Anti-DDoS Premium instance to protect website services, you can add malicious IP addresses to the blacklist to block requests from them. You can add trusted IP addresses to the whitelist. Requests received from whitelisted IP addresses are forwarded directly to the website.

Precautions
  • You can only enable the Black Lists and White Lists (Domain Names) policy for website services. You can configure a blacklist or whitelist on the Protection for Infrastructure tab for non-website services. For more information, see Configure the IP address blacklist and whitelist for an Anti-DDoS Pro or Anti-DDoS Premium instance.
    Note The Black Lists and White Lists (Destination IP) policy is available only for Anti-DDoS Pro.
  • The Black Lists and White Lists (Domain Names) policy only takes effect on a single domain name. It does not take effect on an Anti-DDoS Pro or Anti-DDoS Premium instance.
  • You can configure up to 200 IP addresses or CIDR blocks in a blacklist or whitelist for a domain name.

Procedure

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select the region where your instance resides.
    • Anti-DDoS Pro: If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.
    • Anti-DDoS Premium: If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.
    You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.
  3. In the left-side navigation pane, choose Mitigation Settings > General Policies.
  4. On the General Policies page, click the Protection for Website Services tab and select the target domain name from the list on the left side.
  5. In the Black Lists and White Lists (Domain Names) section, click Change Settings.Select the target domain name
  6. In the Blacklist and Whitelist Settings dialog box, configure the blacklist and whitelist and then click OK.
    • On the Blacklist tab, enter the malicious IP addresses or CIDR blocks that you want to block.
    • On the Whitelist tab, enter the IP addresses or CIDR blocks that you want to allow to pass through.
    Note
    • You can enter IP addresses or CIDR blocks. CIDR blocks must be in the format of IP address/Subnet mask.
    • You can add up to 200 IP addresses or CIDR blocks to a whitelist or blacklist. Separate multiple IP addresses or CIDR blocks with commas (,).
    • You can add 0.0.0.0/0 to the blacklist to block requests from all IP addresses except those added to the whitelist.
    Blacklist and Whitelist Settings
  7. Go back to the Black Lists and White Lists (Domain Names) section and turn on Status to apply the settings.
    Note If you use an earlier version, you must enable HTTP flood prevention for the blacklist and whitelist to take effect.

Result

After the policy is enabled, the settings apply to each Anti-DDoS Pro or Anti-DDoS Premium instance associated with domain names and take effect on access to the domain names immediately.
Note In some situations, the Black Lists and White Lists (Domain Names) policy takes effect only after your instance receives and processes certain inbound traffic. If the settings do not take effect after the policy is enabled, you can access the domain names several times to initiate the settings.