This topic describes how to configure a location blacklist for a website that is protected by an Anti-DDoS Pro or Anti-DDoS Premium instance. After you enable the feature, you can add a location to the location blacklist to block requests from IP addresses that reside within the location with a few clicks.

Background information

You can configure the location blacklist in the following scenarios:
  • If your website is available only for users in a location, you can add other locations to the location blacklist after you add your website to Anti-DDoS Pro or Anti-DDoS Premium. For example, your website is available only for users in China, and you can add locations outside China to the location blacklist.
  • If your website experiences frequent DDoS attacks from a location, you can add the location to the location blacklist after you add your website to Anti-DDoS Pro or Anti-DDoS Premium.

Precautions

  • This feature is supported only for websites. We recommend that you configure traffic blocking policies on the Protection for Infrastructure tab to protect non-website services. For more information, see Configure diversion from the origin server and Configure blocked regions. Only Anti-DDoS Pro supports diversion from the origin server.
  • You cannot configure location blacklists for multiple domain names at a time. If you want to configure location blacklists for multiple domain names, you must separately configure a location blacklist for each domain name.
  • This feature identifies and filters only requests whose originating IP addresses reside in the blocked locations. This feature cannot reduce the volume of attack traffic.

Prerequisites

A website is added to Anti-DDoS Pro or Anti-DDoS Premium and is associated with an instance that uses the Enhanced function plan. For more information, see Add a website.

Procedure

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select the region where your instance resides.
    • Anti-DDoS Pro: If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.
    • Anti-DDoS Premium: If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.
    You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.
  3. In the left-side navigation pane, choose Mitigation Settings > General Policies.
  4. On the General Policies page, click the Protection for Website Services tab. In the left-side list of domain names, select a domain name.
  5. In the Location Blacklist (Domain Names) section, click Change Settings.
  6. In the Configure Location Blacklist panel, select the locations that you want to block and click OK.
  7. Go back to the Location Blacklist (Domain Names) section and turn on Status to apply the configuration.

Result

After the feature is enabled, the configuration takes effect immediately on all Anti-DDoS Pro or Anti-DDoS Premium instances that are associated with the specified domain name.