Alibaba Cloud Document Center: Find the Documentation for Your Needs

The IP blacklist protection policies allows you to customize requests from specific IP addresses (IPv4 or IPv6 addresses) or CIDR blocks based on business scenarios. This topic describes how to enable and configure an IP address blacklist protection policies.

Prerequisites

Dynamic Route for CDN (DCDN) Web Application Firewall (WAF) is enabled. For more information, see Getting started with DCDN WAF (new edition).
The domain name that needs to be protected is added to WAF. For more information, see Getting started with DCDN WAF (new edition).

Create a protection policies-IP blacklist

Log on to the DCDN console.
In the left-side navigation pane, choose WAF > Protection Policies.
On the Protection Policies page, click Create Policy.

On the Create Policy page, configure the parameters that are described in the following table.


Configuration module	Option	Description
Policy Information	Policy Type	Select IP Blacklist.
	Policy Name	The name of the protection policy. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_).
	Make Default	Specifies whether the current policy is the default policy of the current policy type. Note You can specify only one default policy for each type of policy. You cannot change the default policy after you specify a default policy. If a default policy has been specified for the current policy type, this switch is unavailable.
Rule Information	Rule	The protection policies rule information of the current IP address blacklist. For more information, see IP blacklist rule parameter description. Note If you need to increase the quota of rules, you need to apply submit a ticket.
Protected Domain Names	Protected Domain Names	The domain name that you want to associate with the current protection policy. Note You can associate a protected domain name with only one protection policy of the same policy type. If the domain name is associated with another protection policy of the same type, the domain name is associated with the current policy after you configure the current policy for the domain name.

Click Create Policy.

By default, the protection policy that you created is enabled.

IP blacklist rule parameter description

You can create an IP blacklist protection policies when you create an IP blacklist rule, or create a rule for an existing protection policies after you create an IP blacklist protection policies.


Option	Description
Rule Name	The name of the whitelist rule. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_).
IP address blacklist	Enter IP addresses. If a request is sent from one of the specified IP addresses, the request matches the protection rule. You can enter the IP address based on the following descriptions: IPv4 addresses (for example,1.XX.XX.1) and IPv6 addresses (for example, 2001:db8:ffff:ffff:ffff:ffff:ffff) are supported. The CIDR block format (for example,1.XX.XX.1/16) is supported. Separate multiple addresses with the Enter key or commas (,). You can enter up to 200 IP addresses.
Action	Select the action that is performed when a request matches the rule. You can specify different compression methods. Block: blocks the request that matches the rule and returns a block page to the client that sent the request. Monitor: does not block the request that matches the rule. In Monitor mode, you can check the protection performance of the rule and check whether the rule blocks normal requests. Then, you can determine whether to set Action to Block based on the check results.