Web Application Firewall:Configure Location Blacklist rules

Prerequisites

Before you begin, make sure that you have:

• A subscription or pay-as-you-go WAF 3.0 instance of the Enterprise Edition or higher

• Web services added to WAF 3.0 as protected objects. For more information, see Configure protected objects and protected object groups

Protection template types

Create a Location Blacklist protection template

WAF does not provide a default protection template for Location Blacklist. To enable Location Blacklist rules, create a protection template.

1. Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and region of the WAF instance. Select Chinese Mainland or Outside Chinese Mainland.

2. In the left-side navigation pane, choose Protection Configuration > Core Web Protection.

3. In the Region Blacklist section, click Create Template.

4. In the Create Template - Region Blacklist panel, configure the following parameters and click OK.

   Parameter	Description
   Template Name	Enter a name for the template. The name must be 1 to 255 characters in length and can contain letters, digits, periods (.), underscores (_), and hyphens (-).
   Save as Default Template	Specify whether to set this template as the default template. Each protection module can have only one default template. A default template does not require you to set Protected Objects. It auto-applies to all protected objects and object groups not associated with a custom protection template, including newly added objects and objects removed from custom templates. You can manually adjust the applicable objects.
   Rule Action	Select the action that WAF performs on matching requests: Block: Blocks the request and returns a block page to the client. By default, WAF returns a preconfigured block page. To customize the block page, use the custom response feature. Monitor: Records the request in a log without blocking it. Use this option as a dry run to verify that the rule does not block legitimate requests. After the rule passes the dry run, set the action to Block. Important Log queries require the Simple Log Service for WAF feature to be enabled. Note On the Security Reports page, view matched rule details in both Monitor and Block modes. For more information, see Security reports.
   Select Regions to Block	Select the regions to block. Options: China and Outside China.
   Apply To	Select the protected objects and protected object groups on the Protected Objects and Protected Object Groups tabs. For more information, see Configure protected objects and protected object groups. A protected object or object group can be associated with only one Location Blacklist protection template. If you set a default protection template, it auto-applies to all protected objects and object groups not associated with a custom template. If you do not set a default template, no objects or groups are selected by default. You can manually adjust the applicable objects.

Manage protection templates

A newly created protection template is enabled by default. In the template list, you can:

• View the number of associated protected objects and protected object groups in the Protected Object/Group column.

• Turn the switch in the Status column on or off to enable or disable the template.

• Click Create Rule in the Actions column to add a protection rule to the template.

• Click Edit, Delete, or Copy in the Actions column to manage the template.

• Click the expand icon to the left of the template name to view the protection rules in the template.

View protection reports

View protection rule details on the Region Blacklist tab of the Security Reports page. For more information, see Security reports.

References

• Overview of mitigation settings -- Learn about protected objects, protection modules, and the protection process of WAF 3.0.

• Create a protection template (API) -- Create a protection template programmatically.

• Create a web core protection rule (API) -- Create and configure a protection rule programmatically.