Anti-DDoS Proxy offers a feature for blacklisting or whitelisting IP addresses, allowing you to control access to an Anti-DDoS Proxy instance by specifying which source IP addresses are denied or allowed. This setting applies to all services associated with the instance. This topic outlines the steps to configure the blacklists and whitelists for IP addresses.
Introduction
An Anti-DDoS Proxy instance denies requests from IP addresses on the blacklist and allows those on the whitelist. If an IP address is on both the blacklist and the whitelist, the whitelist takes precedence.
Anti-DDoS Proxy supports both the IP-address-based and the domain-name-based blacklist and whitelist features.
The IP-address-based feature affects all services added to an instance.
The domain-name-based feature only affects domain names. For more information, see Configure the blacklist/whitelist (domain names) feature.
Validity period
Blacklist:
Custom blacklist: Permanently effective.
Blacklist issued by the intelligent protection algorithm: This dynamic blacklist targets malicious IP addresses. The blocking lasts from a minimum of 5 minutes to a maximum of 1 hour. For IP addresses that frequently launch attacks, the blocking period may be automatically extended.
Whitelist: Only custom whitelists are supported and are permanently effective.
Limits
You can add up to 2,000 IP addresses or CIDR blocks in each blacklist or whitelist.
To add an IP address from the whitelist to the blacklist, you must first remove it from the whitelist.
Configuration restrictions for blacklist and whitelist:
IPv4-only instances support IPv4 addresses or CIDR blocks, while IPv6-only instances support IPv6 addresses or CIDR blocks.
IPv4 CIDR blocks range from /8 to /32, and IPv6 CIDR blocks range from /32 to /128.
IPv4 addresses cannot be set to 0.0.0.0 or 255.255.255.255, and IPv6 addresses cannot be set to :: or ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff.
Prerequisites
An Anti-DDoS Proxy (Chinese Mainland) or Anti-DDoS Proxy (Outside Chinese Mainland) instance is purchased. For more information, see Purchase an Anti-DDoS Proxy instance.
Procedure
Log on to the Anti-DDoS Proxy console.
In the top navigation bar, select the region of your instance.
Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Proxy (Chinese Mainland) instance, select Chinese Mainland.
Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Proxy (Outside Chinese Mainland) instance, select Outside Chinese Mainland.
In the left-side navigation pane, choose .
On the Protection for Infrastructure tab, select the desired Anti-DDoS Proxy instance from the list on the left.
You can find an instance by its ID or description.
Go to the Blacklist and Whitelist (IP address-based) section and click Settings.
In the Configure Blacklist and Whitelist panel, select Blacklist or Whitelist to manage the respective lists.
Use commas to separate multiple entries. Entries can be given in IP address format or in subnet mask format.
Once configured, you can batch delete, download, or clear both the blacklist and whitelist.
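The Python sketch below is an added example, not part of the Anti-DDoS Proxy documentation or tooling. It checks a comma-separated draft against the limits listed in this topic before you paste it into the console. The function name, the sample addresses, the masking of host bits, and the overlap warning are assumptions made for illustration.

```python
import ipaddress

MAX_ENTRIES = 2000                           # per-list limit from the Limits section
PREFIX_RANGE = {4: (8, 32), 6: (32, 128)}    # allowed CIDR prefix lengths
FORBIDDEN = {"0.0.0.0", "255.255.255.255", "::",
             "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"}
# Constructed sample input (documentation address ranges), not real data.
SAMPLE_WHITELIST = ["192.0.2.10"]
SAMPLE_BLACKLIST = ("203.0.113.7, 198.51.100.0/24, 10.0.0.0/4, 2001:db8::1, "
                    "0.0.0.0, 203.0.113.7, 192.0.2.10, 192.0.2.0/24, bogus")


def validate_entries(raw, ip_version, whitelist=()):
    """Validate a comma-separated blacklist or whitelist draft.
    ip_version is 4 or 6, matching an IPv4-only or IPv6-only instance.
    Pass the current whitelist when drafting a blacklist.
    Returns (accepted, problems); problems holds (entry, reason) pairs.
    """
    lo, hi = PREFIX_RANGE[ip_version]
    allowed = [ipaddress.ip_network(w, strict=False) for w in whitelist]
    seen, accepted, problems = set(), [], []
    for entry in (e.strip() for e in raw.split(",")):
        if not entry:
            continue
        try:
            # Assumption: host bits in a CIDR block are tolerated and masked off.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            problems.append((entry, "not an IP address or CIDR block"))
            continue
        if net.version != ip_version:
            problems.append((entry, f"instance is IPv{ip_version}-only"))
        elif not lo <= net.prefixlen <= hi:
            problems.append((entry, f"prefix must be /{lo} to /{hi}"))
        elif net.num_addresses == 1 and str(net.network_address) in FORBIDDEN:
            problems.append((entry, "reserved address"))
        elif net in allowed:
            problems.append((entry, "on the whitelist; remove it there first"))
        elif net in seen:
            problems.append((entry, "duplicate"))
        else:
            if any(net.overlaps(w) for w in allowed):  # accepted, but whitelist wins
                problems.append((entry, "overlaps whitelist; whitelist takes precedence"))
            seen.add(net)
            accepted.append(entry)
    if len(accepted) > MAX_ENTRIES:
        problems.append(("*", f"{len(accepted)} entries exceed the limit of {MAX_ENTRIES}"))
    return accepted, problems
```

Calling `validate_entries(SAMPLE_BLACKLIST, 4, SAMPLE_WHITELIST)` returns the entries that are safe to submit together with a reason for each rejected or shadowed entry.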