After you add your website to Web Application Firewall (WAF), you can configure Location Blacklist rules. WAF identifies the source region of client requests, which lets you block requests from specific regions and mitigate high volumes of malicious traffic. This topic describes how to create a Location Blacklist rule.
Prerequisites
You have activated a subscription or pay-as-you-go WAF 3.0 instance of the Enterprise Edition or higher.
Web services are added to WAF 3.0 as protected objects. For more information, see Configure protected objects and protected object groups.
Template types
Location Blacklist protection templates come in two types.
Protection template | Description | Applicable objects |
Default protection template | WAF does not provide an initial default protection template. You must create one manually. | When created, the template is applied by default to all protected objects and object groups that are not associated with a custom protection template. Newly added protected objects are also automatically added to the default template. You can manually adjust the applicable objects. |
Custom protection template | A custom protection template that you must create manually. | You must set the Applicable Objects. The template applies only to the protected objects and object groups associated with it. |
Create a Location Blacklist protection template
The Location Blacklist feature does not provide a default protection template. To enable Location Blacklist rules, you must create a new protection template.
Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and region of the WAF instance. You can select Chinese Mainland or Outside Chinese Mainland.
In the left-side navigation pane, choose .
On the Core Web Protection page, in the Region Blacklist section, click Create Template.
In the Create Template - Location Blacklist panel, configure the following parameters and click OK.
Parameter
Description
Template Name
Enter a name for the template.
The name of the template must be 1 to 255 characters in length and can contain letters, digits, periods (.), underscores (_), and hyphens (-).
Set As Default Template
Select whether to set this template as the default template for the protection module.
Each protection module can have only one default template. You do not need to set Applicable Objects for a default template. It is automatically applied to all protected objects and object groups that are not associated with a custom protection template. This includes newly added objects and objects removed from custom templates. You can also manually remove objects from the default template.
Rule Action
Select the action that you want WAF to perform on the requests that match the rule. Valid values:
Block: blocks a request that matches the rule and returns a block page to the client that initiates the request.
Note: By default, WAF returns a preconfigured block page. You can use the custom response feature to configure a custom block page.
Monitor: records a request that matches the rule in a log and does not block the request. You can query the logs of requests that match the rule and analyze the protection performance. For example, you can query logs to check whether normal requests are blocked.
Important: You can query logs only if the Simple Log Service for WAF feature is enabled.
If you select Monitor, you can perform a dry run on the rule to check whether the rule blocks normal requests. If the rule passes the dry run, you can set the Rule Action parameter to Block.
Note: On the Security Reports page, you can query the details of matched rules in Monitor or Block mode. For more information, see Security reports.
Select Blocked Regions
Select the regions that you want to block. You can select regions Within China and Outside China.
Applicable Objects
Select items to which you want to apply the template on the Protected Objects and Protected Object Groups tabs. For more information, see Configure protected objects and protected object groups.
A protected object or object group can be associated with only one Location Blacklist protection template. If you set a default protection template, it is applied by default to all protected objects and object groups that are not associated with a custom template. If you do not set a default template, no objects or groups are selected by default. You can manually change the applicable objects.
By default, a newly created protection template is enabled. You can perform the following operations on the template in the template list:
View the numbers of protected objects and protected object groups that are associated with the template in the Protected Object/Group column.
Turn on or turn off the switch in the Status column to enable or disable the template.
Click Create Rule in the Actions column to create a protection rule for the template.
Click Edit, Delete, or Copy in the Actions column to manage the template.
Click the icon to the left of the template name to view the protection rules in the template.
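The template association rule and the Monitor dry run described above, modeled as an added example (this is not Alibaba Cloud code and does not call the WAF API). The `Template` class, the function names, the object names, the region codes and the `known_good` label are hypothetical and constructed for illustration. The model ignores objects that were manually removed from the default template.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Template:
    name: str
    action: str                       # "monitor" or "block" (the page's Rule Action)
    blocked_regions: frozenset        # hypothetical region codes
    objects: frozenset = frozenset()  # Applicable Objects of a custom template
    is_default: bool = False

def resolve(obj, templates):
    """Custom template if the object is associated with one, else the default."""
    custom = [t for t in templates if not t.is_default and obj in t.objects]
    if len(custom) > 1:
        raise ValueError(f"{obj}: only one Location Blacklist template allowed")
    if custom:
        return custom[0]
    return next((t for t in templates if t.is_default), None)

def dry_run(requests, templates):
    """Count matches per (template, region) and how many were known-good."""
    report = defaultdict(lambda: {"matched": 0, "known_good": 0})
    for r in requests:
        t = resolve(r["object"], templates)
        if t and r["region"] in t.blocked_regions:
            row = report[(t.name, r["region"])]
            row["matched"] += 1
            row["known_good"] += r["known_good"]
    return dict(report)

def regions_safe_to_block(report, template_name):
    """Regions whose Monitor-mode matches contained no known-good request."""
    return sorted(region for (name, region), row in report.items()
                  if name == template_name and row["known_good"] == 0)

# Constructed sample data: nothing here comes from real WAF logs.
TEMPLATES = [
    Template("default-geo", "monitor", frozenset({"AA", "BB"}), is_default=True),
    Template("shop-geo", "monitor", frozenset({"CC"}), frozenset({"shop.example.com"})),
]
REQUESTS = [
    {"object": "blog.example.com", "region": "AA", "known_good": False},
    {"object": "blog.example.com", "region": "BB", "known_good": True},
    {"object": "blog.example.com", "region": "BB", "known_good": False},
    {"object": "shop.example.com", "region": "AA", "known_good": False},
    {"object": "shop.example.com", "region": "CC", "known_good": False},
]
REPORT = dry_run(REQUESTS, TEMPLATES)
```

The request to `shop.example.com` from region `AA` is not matched: an object associated with a custom template is no longer covered by the default template's region list, so any region that must stay blocked there has to be selected in the custom template as well.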
What to do next
You can view protection rule details on the Location Blacklist tab of the Security Reports page. For more information, see Security reports.
References
To learn more about the protected objects, protection modules, and protection process of WAF 3.0, see Overview of mitigation settings.
To create a protection template using the API, see Create a protection template.
To create and configure a Web core protection rule, see Create a Web core protection rule.