All Products
Search

This Product

    Anti-DDoS:Configure blacklists and whitelists for domain names

    Document Center

    Anti-DDoS:Configure blacklists and whitelists for domain names

    Last Updated:Feb 22, 2024

    This topic describes how to configure the Black Lists and White Lists (Domain Names) policy in Anti-DDoS Pro or Anti-DDoS Premium to protect a website service. After you enable this policy, access requests from the IP addresses or CIDR blocks in the blacklist are blocked, while access requests from the IP addresses or CIDR blocks in the whitelist are allowed. This topic describes how to configure the Black Lists and White Lists (Domain Names) policy.

    Overview

    After you add a website service to an Anti-DDoS Pro or Anti-DDoS Premium instance, you can add malicious IP addresses to the blacklist to block requests from the malicious IP addresses. You can add trusted IP addresses to the whitelist. Requests received from whitelisted IP addresses are forwarded directly to the website.

    Usage notes

    • The Black Lists and White Lists (Domain Names) policy takes effect only on a single domain name. The policy does not take effect on an Anti-DDoS Pro or Anti-DDoS Premium instance.

    • You can only enable the Black Lists and White Lists (Domain Names) policy for website services. You can configure a blacklist or whitelist on the Protection for Infrastructure tab for non-website services. For more information, see Configure the IP address blacklist and whitelist for an Anti-DDoS Pro or Anti-DDoS Premium instance.

    • You can configure up to 200 IP addresses or CIDR blocks in a blacklist or whitelist for a domain name.

    • After the policy is enabled, the settings apply to each Anti-DDoS Pro or Anti-DDoS Premium instance that is associated with domain names and immediately take effect on the traffic of the domain names.

      Note

      In some situations, the Black Lists and White Lists (Domain Names) policy takes effect only after your instance receives and processes specific inbound traffic. If the settings do not take effect after the policy is enabled, you can access the domain names several times to initiate the settings.

    Prerequisites

    A website service is added to Anti-DDoS Pro or Anti-DDoS Premium. For more information, see Add websites.

    Procedure

    1. Log on to the Anti-DDoS Pro console.

    2. In the top navigation bar, select the region of your asset.

      • Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.

      • Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.

      You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.

    3. In the left-side navigation pane, choose Mitigation Settings > General Policies.

    4. On the General Policies page, click the Protection for Website Services tab and select the domain name that you want to manage from the list on the left side.

    5. In the Blacklist/Whitelist (Domain Names) section, click Settings.

    6. In the Configure Blacklist and Whitelist dialog box, configure the blacklist and whitelist and then click OK.

      • Blacklist: blocks the requests from the IP addresses or CIDR blocks.

      • Whitelist: allows the requests from the IP addresses or CIDR blocks

        Note

        • You can enter IP addresses or CIDR blocks. CIDR blocks must be in the format of IP address/Subnet mask.

        • You can add up to 200 IP addresses or CIDR blocks to a whitelist or blacklist. Separate multiple IP addresses or CIDR blocks with commas (,).

        • You can add 0.0.0.0/0 to the blacklist to block requests from all IP addresses except those added to the whitelist.

    7. In the Blacklist/Whitelist (Domain Names) section, turn on Status to apply the settings.