After you add a website to Web Application Firewall (WAF), you can enable the blacklists feature. This feature blocks access requests from specified IP addresses, Classless Inter-Domain Routing (CIDR) blocks, and IP addresses in specified regions. You can specify either an IP address blacklist or a region blacklist based on your requirements.
Prerequisites
- A WAF instance is purchased. The instance runs the Pro edition or higher.
Notice WAF instances of the Pro edition support only the IP Address Blacklist feature and do not support the Region Blacklist feature.
To use the Region Blacklist feature, your WAF instance must run the Business edition or higher.
For more information, see Purchase a WAF instance.
- Your website is added to WAF.
For more information, see Tutorial.
Background information
WAF supports both IP address and region blacklists.
- An IP address blacklist blocks access requests from specified IP addresses and CIDR blocks.
- A region blacklist blocks the access requests from administrative regions in China
or countries and areas outside China. You can specify a total of 247 entries as blocked
regions.
You can use the IP address library of Taobao to query the source region of an IP address. For more information, visit the IP address library of Taobao.
Procedure
References
- If you need more precise access control based on blacklists, we recommend that you use a custom protection policy. For more information, see Create a custom protection policy.
- If you want to allow access requests from specified IP addresses, we recommend that you configure the whitelist for Access Control/Throttling. For more information, see Configure a whitelist for Access Control/Throttling.