CDN:Region-based blacklist

Enable region-based blocking

1. Log on to the Alibaba Cloud CDN console.

2. In the navigation pane on the left, click Domain Names.

3. On the Domain Names page, find the domain name that you want to manage and click Manage in the Actions column.

4. In the navigation pane for the domain name, click Security Settings.

5. On the Region Blacklist tab, click Create Rule.

6. In the Blocking Settings dialog box, select Rule Condition, Blocking Type, Rule Condition, and Regions.

   

   Parameter	Description
   Rule Condition	Rule conditions identify various parameters in a user request to determine whether a configuration applies to the request. Do not use: Do not use rule conditions. To add or edit rule conditions, manage them in the Rules Engine.
   Blocking Type	Blacklist Requests from regions in the blacklist cannot access any resources under the accelerated domain name. Whitelist Only requests from regions in the whitelist can access resources under the accelerated domain name. Requests from all other regions are blocked. The blacklist and whitelist are mutually exclusive. Only one can be active at a time.
   Regions	Specify the regions for the blacklist or whitelist.

7. Click OK.

Disable region-based blocking

To disable region-based blocking, click Clear. After you delete the configuration, Alibaba Cloud CDN no longer controls access requests based on the specified regions.

Configuration example

Block requests from Andorra that use the HTTP protocol to access the /image path.

1. In the rules engine, configure a rule to match requests for resources in the /image path that use the HTTP protocol.

   

2. On the region-based blocking tab, configure a blocking rule to block requests from Andorra that match the condition.

   • Rule Condition: Select the rule that you created in Step 1.

   • Blocking Type: Select Blacklist.

   • Region Settings: Select Andorra.

   

3. Result: If a request matches the rule, a 403 Forbidden error is returned with the message denied by region block.