The IP address blacklist-based protection policies block requests from specified IPv4 addresses, IPv6 addresses, or CIDR blocks. You can specify the IP addresses or CIDR blocks based on your business requirements. This topic describes how to enable and configure an IP address blacklist-based protection policy.
Prerequisites
- Dynamic Route for CDN (DCDN) Web Application Firewall (WAF) is enabled. For more information, see Getting started with DCDN WAF (new edition).
- The domain name that needs to be protected is added to WAF. For more information, see Getting started with DCDN WAF (new edition).
Create an IP address blacklist-based protection policy
Parameters of an IP address blacklist rule
You can create an IP address blacklist rule when you create an IP address blacklist. You can also create a rule for an existing blacklist.

Parameter | Description |
---|---|
Rule Name | The name of the blacklist rule. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_). |
IP Blacklist | Enter IP addresses. If a request is sent from one of the specified IP addresses, the
request matches the protection rule. You can enter the IP address based on the following
descriptions:
|
Action | Select the action that is performed when a request matches the rule. You can specify
different compression methods.
In Monitor mode, you can view the protection performance of the rule and check whether the rule blocks normal requests. Then, you can determine whether to set Action to Block. |