All Products
Search
Document Center

Web Application Firewall:Configure protection rules for the region blacklist module to block requests from specific regions

Last Updated:Sep 05, 2024

After you add your web services to Web Application Firewall (WAF), you can configure protection rules for the region blacklist module to identify the source regions of requests and block or allow requests from specific regions. This way, malicious requests can be blocked by region. This topic describes how to configure protection rules for the region blacklist module.

Prerequisites

Create a protection template of the region blacklist module

The region blacklist module does not provide default protection templates. Before you can enable a protection rule of the region blacklist module, you must create a protection template of the module. After the template is created, a protection rule is automatically generated.

  1. Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and region of the WAF instance. You can select Chinese Mainland or Outside Chinese Mainland.

  2. In the left-side navigation pane, choose Protection Configuration > Basic Web Protection.

  3. In the Region Blacklist section of the Basic Web Protection page, click Create Template.

    Note

    If this is your first time to create a protection template of the region blacklist module, you can also click Configure Now in the Region Blacklist card in the upper part of the Basic Web Protection page.

  4. In the Create Template - Region Blacklist panel, configure the parameters and click OK. The following table describes the parameters.

    Parameter

    Description

    Template Name

    Specify a name for the template.

    The name of the template must be 1 to 255 characters in length and can contain letters, digits, periods (.), underscores (_), and hyphens (-).

    Save as Default Template

    Specify whether to set the template as the default template for the protection module.

    You can specify only one default template for a protection module. If you turn on Save as Default Template, you do not need to configure the Apply To parameter. The default template is applied to all protected objects and protected object groups to which no custom templates are applied.

    Action

    Select the action that you want WAF to perform on the requests that match the rule. Valid values:

    • Block: blocks a request that matches the rule and returns a block page to the client that initiates the request.

      Note

      By default, WAF returns a preconfigured block page. You can use the custom response feature to configure a custom block page. For more information, see Configure protection rules for the custom response module to configure custom block pages.

    • Monitor: records a request that matches the rule in a log and does not block the request. You can query the logs of requests that match the rule and analyze the protection performance. For example, you can query logs to check whether normal requests are blocked.

      Important

      You can query logs only if the Simple Log Service for WAF feature is enabled. For more information, see Enable or disable the Simple Log Service for WAF feature.

      If you select Monitor, you can perform a dry run on the rule to check whether the rule blocks normal requests. If the rule passes the dry run, you can set the Action parameter to Block.

    Note

    On the Security Reports page, you can query the details of matched rules in Monitor or Block mode. For more information, see Security reports.

    Blocked Regions

    The number and details of regions in the Chinese mainland and outside the Chinese mainland from which requests are blocked.

    Select Regions to Block

    Select the regions that you want to block. You can select regions on the China and Outside China tabs. The regions that you select are displayed in the Blocked Regions section.

    Apply To

    Select the Protected Objects and Protected Object Group to which you want to apply the template.

    You can apply only one template of a protection module to a protected object or protected object group. For more information about how to add protected objects and create protected object groups, see Configure protected objects and protected object groups.

    By default, a newly created protection template is enabled. You can perform the following operations on the protection template in the template list:

    • View the numbers of protected objects and protected object groups that are associated with the template in the Protected Object/Group column.

    • Turn on or turn off the switch in the Status column to enable or disable the template.

    • Click Edit or Delete in the Actions column to modify or delete the template.

    • Click the 展开图标 icon to the left of the template name to view the protection rules in the template.

What to do next

On the Region Blacklist tab of the Security Reports page, you can view the protection details of the configured protection rules. For more information, see IP address blacklist, custom rule, scan protection, HTTP flood protection, and region blacklist modules.

References

  • For more information about the protection objects, protection modules, and protection process of WAF 3.0, see Protection configuration overview.

  • For more information about how to create a protection template by calling an API operation, see CreateDefenseTemplate.

  • For more information about how to create a protection rule by calling an API operation, see CreateDefenseRule.