The blacklist and whitelist (IP address-based) feature allows you to configure the IP address blacklist and whitelist for an Anti-DDoS Proxy instance to deny or allow the requests from specific source IP addresses to an instance. The IP address blacklist and whitelist take effect on all services that are added to the instance. This topic describes how to configure the blacklist and whitelist (IP address-based) feature.
Feature description
Requests from IP addresses that are included in the blacklist are denied by an instance. Requests from IP addresses that are included in the whitelist are allowed by an instance.
Anti-DDoS Proxy supports the blacklist and whitelist (IP address-based) feature and the blacklist/whitelist (domain names) feature.
The blacklist and whitelist (IP address-based) feature: The feature takes effect on all services that are added to an instance.
The blacklist/whitelist (domain names) feature: The feature takes effect only on domain names. For more information, see Configure the blacklist/whitelist (domain names) feature.
If an IP address is added to both the whitelist and the blacklist, the whitelist takes precedence. To add a whitelisted IP address to the blacklist, you must first remove the IP address from the whitelist.
Validity periods
Blacklist: You must specify a blocking period for the IP address that you add to the blacklist. The blocking period can be from five minutes to seven days.
Note: The blacklist contains malicious IP addresses that are marked by the intelligent protection algorithms of Anti-DDoS Proxy. The intelligent protection algorithms dynamically calculate the blocking periods of malicious IP addresses. The blocking period can be from 5 minutes to 1 hour. If attacks are frequently launched from a malicious IP address, Anti-DDoS Proxy automatically extends the blocking period of the malicious IP address.
Whitelist: The IP addresses that are included in the whitelist are allowed unless you manually remove them.
Limits
You can add up to 2,000 IP addresses to the blacklist. You can add up to 2,000 IP addresses to the whitelist.
Prerequisites
An Anti-DDoS Proxy (Chinese Mainland) or Anti-DDoS Proxy (Outside Chinese Mainland) instance is purchased. For more information, see Purchase an Anti-DDoS Proxy instance.
Procedure
Log on to the Anti-DDoS Proxy console.
In the top navigation bar, select the region of your instance.
Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Proxy (Chinese Mainland) instance, select Chinese Mainland.
Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Proxy (Outside Chinese Mainland) instance, select Outside Chinese Mainland.
In the left-side navigation pane, choose
On the Protection for Infrastructure tab, select the instance for which you want to configure the whitelist or blacklist.
You can search for an instance by instance ID or description.
In the Blacklist and Whitelist (IP address-based) section, click Settings.
In the Configure Blacklist and Whitelist panel, click the Blacklist or Whitelist tab to manage the blacklist or whitelist.
Note: After the specified blocking period for an IP address in the blacklist elapses, the IP address is automatically removed from the blacklist. If you want to deny requests from the IP address, add the IP address to the blacklist again.
The IP addresses that are included in the whitelist are allowed unless you manually remove them.
After you configure the blacklist and whitelist, you can delete multiple IP addresses from the blacklist and whitelist at a time. You can also download and clear the blacklist and whitelist.
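The rules above (whitelist precedence, the 5-minute to 7-day blocking period, automatic expiry, and the 2,000-entry limit) can be checked against a planned list before you enter it in the console. The following Python sketch is an added example, not Alibaba Cloud code and not an Anti-DDoS Proxy API; the function names and data layout are hypothetical, and it assumes every entry is a single IP address.

```python
import ipaddress
from datetime import timedelta

MAX_ENTRIES = 2000                  # per list (Limits section)
MIN_BLOCK = timedelta(minutes=5)    # shortest manual blocking period
MAX_BLOCK = timedelta(days=7)       # longest manual blocking period

def validate_plan(whitelist, blacklist):
    """Check planned lists before entering them in the console.

    whitelist: iterable of IP strings
    blacklist: dict of IP string -> (added_at, blocking_period)
    Returns a list of problems (empty if the plan is clean).
    """
    problems = []
    allowed = set()
    for raw in whitelist:
        try:
            allowed.add(ipaddress.ip_address(raw))
        except ValueError:
            problems.append(f"whitelist: {raw!r} is not a single IP address")
    valid_blocked = 0
    for raw, (_, period) in blacklist.items():
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            problems.append(f"blacklist: {raw!r} is not a single IP address")
            continue
        valid_blocked += 1
        if not MIN_BLOCK <= period <= MAX_BLOCK:
            problems.append(f"blacklist: {ip} period {period} is outside 5 minutes to 7 days")
        if ip in allowed:
            problems.append(f"conflict: {ip} is on the whitelist; remove it there before blacklisting")
    for name, count in (("whitelist", len(allowed)), ("blacklist", valid_blocked)):
        if count > MAX_ENTRIES:
            problems.append(f"{name}: {count} entries exceeds the limit of {MAX_ENTRIES}")
    return problems

def decide(source_ip, whitelist, blacklist, now):
    """Model the documented outcome for one source IP at time `now`."""
    ip = ipaddress.ip_address(source_ip)
    if ip in {ipaddress.ip_address(w) for w in whitelist}:
        return "allow"       # whitelist takes precedence over the blacklist
    for raw, (added_at, period) in blacklist.items():
        if ipaddress.ip_address(raw) == ip and now < added_at + period:
            return "deny"    # entry is still inside its blocking period
    return "no match"        # expired or unlisted: neither list applies
```

A result of "no match" only means that neither list decides the request; it says nothing about the instance's other protection features.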