The blacklist and whitelist (IP address-based) feature allows you to configure the IP address blacklist and whitelist for an Anti-DDoS Pro or Anti-DDoS Premium instance to deny or allow the requests from specific source IP addresses to an instance. The IP address blacklist and whitelist take effect on all services that are added to the instance. This topic describes how to configure the blacklist and whitelist (IP address-based) feature.
Feature description
Requests from IP addresses that are included in the blacklist are denied by an instance. Requests from IP addresses that are included in the whitelist are allowed by an instance.
Anti-DDoS Pro and Anti-DDoS Premium supports the blacklist and whitelist (IP address-based) feature and the blacklist/whitelist (domain names) feature.
The blacklist and whitelist (IP address-based) feature: The feature takes effect on all services that are added to an instance.
The blacklist/whitelist (domain names) feature: The feature takes effect only on domain names. For more information, see Configure the blacklist/whitelist (domain names) feature.
If an IP address is added to both the whitelist and blacklist, the whitelist takes effect at a higher priority. If you want to add an IP address that is added to the whitelist to the blacklist, you must first remove the IP address from the whitelist.
Validity period
Blacklist: You must specify a blocking period for the IP address that you add to the blacklist. The blocking period can be from five minutes to seven days.
NoteThe blacklist contains malicious IP addresses that are marked by the intelligent protection algorithms of Anti-DDoS Pro or Anti-DDoS Premium. The intelligent protection algorithms dynamically calculate the blocking periods of malicious IP addresses. The blocking period can be from 5 minutes to 1 hour. If attacks are frequently launched from a malicious IP address, Anti-DDoS Pro or Anti-DDoS Premium automatically extends the blocking period of the malicious IP address.
Whitelist: The IP addresses that are included in the whitelist are allowed unless you manually remove them.
Limits
You can add up to 2,000 IP addresses to the blacklist. You can add up to 2,000 IP addresses to the whitelist.
Prerequisites
An Anti-DDoS Pro or Anti-DDoS Premium instance is purchased. For more information, see Purchase an Anti-DDoS Pro or Anti-DDoS Premium instance.
Procedure
Log on to the Anti-DDoS Pro console.
In the top navigation bar, select the region of your asset.
Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.
Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.
You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.
In the left-side navigation pane, choose .
On the Protection for Infrastructure tab, select the instance that you want to manage from the list on the left side.
You can search for an instance by instance ID or description.
In the Blacklist and Whitelist (IP address-based) section, click Settings.
In the Configure Blacklist and Whitelist panel, click the Blacklist or Whitelist tab to manage the blacklist or whitelist.
NoteAfter the specified blocking period for an IP address in the blacklist elapses, the IP address is automatically removed from the blacklist. If you want to deny requests from the IP address, add the IP address to the blacklist again.
The IP addresses that are included in the whitelist are allowed unless you manually remove them.
After you configure the blacklist and whitelist, you can delete multiple IP addresses from the blacklist and whitelist at a time. You can also download and clear the blacklist and whitelist.