IP address blacklist-based protection policies block requests from specified IPv4 addresses, IPv6 addresses, or CIDR blocks. You can specify the IP addresses or CIDR blocks based on your business requirements. This topic describes how to enable and configure an IP address blacklist-based protection policy.

Prerequisites

Create an IP address blacklist-based protection policy

  1. Log on to the DCDN console.
  2. In the left-side navigation pane, choose WAF > Protection Policies.
  3. On the Protection Policies page, click Create Policy.
  4. On the Create Policy page, configure the parameters that are described in the following table.
    Configuration module | Parameter | Description
    Policy Information | Policy Type | Select IP Blacklist.
    Policy Information | Policy Name | The name of the protection policy. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_).
    Policy Information | Make Default | Specifies whether the current policy is the default policy of the current policy type.
    Note:
    • You can specify only one default policy for each policy type. You cannot change the default policy after you specify a default policy.
    • If a default policy has already been specified for the current policy type, this switch is unavailable.
    Rule Information | Rule | The rule information of the current IP address blacklist-based protection policy. For more information, see Parameters of an IP address blacklist rule.
    Note: To increase the rule quota, submit a ticket.
    Protected Domain Names | Protected Domain Names | The domain name that you want to associate with the current protection policy.
    Note: You can associate a protected domain name with only one protection policy of the same policy type.

    If the domain name is associated with another protection policy of the same type, the domain name is associated with the current policy after you configure the current policy for the domain name.

  5. Click Create Policy.

    By default, the protection policy that you created is enabled.

Parameters of an IP address blacklist rule

You can create an IP address blacklist rule when you create an IP address blacklist. You can also create a rule for an existing blacklist.

IP blacklist
Parameter | Description
Rule Name | Enter the name of the rule. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_).
IP Blacklist | Enter IP addresses. If a request is sent from one of the specified IP addresses, the request matches the protection rule. You can enter the IP address based on the following descriptions:
  • You can enter IPv4 addresses and IPv6 addresses. IPv4 address example: 1.XX.XX.1. IPv6 address example: 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff.
  • You can enter CIDR blocks, such as 1.XX.XX.1/16.
  • Separate multiple addresses with line feeds or commas (,).
  • You can enter a maximum of 200 IP addresses.
Action | Select the action that is performed when a request matches the rule. Valid values:
  • Block: blocks requests that match the rule and returns a block page to the client.
  • Monitor: does not block requests that match the rule.

In Monitor mode, you can view the protection performance of the rule and check whether the rule would block normal requests. Then, you can determine whether to set Action to Block.
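
The following pre-flight check is an added example, not code from the DCDN console or documentation. It validates a rule name and the text intended for the IP Blacklist field against the limits listed above, then reports which known-good client IPs the list would match, the same question Monitor mode answers after deployment. Assumptions: the 200 limit counts entries, CIDR blocks with host bits set are accepted (as in the 1.XX.XX.1/16 example), and the function names, sample list and known-good list are constructed for illustration.

```python
# Added example: names below are this example's own, not a DCDN API.
import ipaddress
import re

MAX_ENTRIES = 200                              # page: at most 200 IP addresses
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,64}")    # page: letters, digits, underscores, <= 64 chars


def parse_blacklist(text):
    """Split on line feeds or commas; return (networks, errors)."""
    networks, errors = [], []
    entries = [e.strip() for e in re.split(r"[,\n]", text) if e.strip()]
    if len(entries) > MAX_ENTRIES:
        errors.append(f"{len(entries)} entries exceed the limit of {MAX_ENTRIES}")
    for entry in entries:
        try:
            # strict=False accepts host bits in a CIDR block, as in the page's
            # 1.XX.XX.1/16 example (assumption about how the console treats them).
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            errors.append(f"not an IP address or CIDR block: {entry!r}")
    return networks, errors


def valid_rule_name(name):
    return NAME_RE.fullmatch(name) is not None


def overblocked(networks, known_good):
    """Return the known-good client IPs that the blacklist would match."""
    hits = []
    for ip_text in known_good:
        ip = ipaddress.ip_address(ip_text)
        if any(ip.version == net.version and ip in net for net in networks):
            hits.append(ip_text)
    return hits


# Constructed sample input (documentation address ranges, not real data).
SAMPLE = "203.0.113.7, 198.51.100.9/24\n2001:db8::/32,not-an-ip"
KNOWN_GOOD = ["198.51.100.200", "192.0.2.10", "2001:db8::1"]

if __name__ == "__main__":
    nets, errs = parse_blacklist(SAMPLE)
    print("errors:", errs)
    print("would block known-good clients:", overblocked(nets, KNOWN_GOOD))
```

A non-empty result from `overblocked` is a reason to narrow the CIDR block or keep Action set to Monitor before switching to Block.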