This topic describes how to configure and enable the Blocked Regions policy. This policy allows you to block requests to access Anti-DDoS Pro or Anti-DDoS Premium instances from IP addresses in specified regions. Anti-DDoS Pro or Anti-DDoS Premium instances that use the Enhanced function plan support this policy. After you enable this policy, requests to access Anti-DDoS Pro or Anti-DDoS Premium instances from the specified regions are dropped.
The Blocked Regions policy blocks requests from specific regions in scrubbing centers. This policy drops blocked requests near the destination servers. Anti-DDoS Pro or Anti-DDoS Premium instances identify and filter requests based on the region of the source IP addresses. This policy cannot reduce the volume of attack traffic. Therefore, it is suitable for mitigating connection flood attacks.
Blocked Regions and Blocked Regions (Domain Names)
The Blocked Regions policy configured for Anti-DDoS Pro or Anti-DDoS Premium instances has a higher priority than the Blocked Regions (Domain Names) policy when both the policies are in effect.
For example, if you configure the Blocked Regions policy for an Anti-DDoS Pro or Anti-DDoS Premium instance to block requests from regions outside China, users outside China cannot access domain names associated with this instance even if the Blocked Regions (Domain Names) policy is configured to allow access from these regions. If you want to block regions outside China for some services, we recommend that you configure blocked regions for domain names rather than for Anti-DDoS Pro or Anti-DDoS Premium instances. For more information, see Configure a location blacklist for a domain name.
- Log on to the Anti-DDoS Pro console.
- In the top navigation bar, select the region where your instance resides.
You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.
- Anti-DDoS Pro: If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.
- Anti-DDoS Premium: If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.
- In the left-side navigation pane, choose .
- On the Protection for Infrastructure tab, select the instance for which you want to configure blocked regions from the
list on the left side.Note You can search for instances based on instance IDs or descriptions.
- In the Blocked Regions section, click Change Settings.
- In the Configure Blocked Regions panel, select the regions that you want to block and click OK.
- Go back to the Blocked Regions section and turn on Status to apply the settings.