• Web Application Firewall

waf
  1. Help Center
  2. Web Application Firewall
  3. User Guide
  4. Rule Configurations
  5. Configuring Blacklist or Whitelist Rules

Configuring Blacklist or Whitelist Rules

This section describes how to configure blacklist or whitelist rules to block or allow specific IP addresses or address ranges.

Blacklist and Whitelist only takes effect for specified domain names.

Prerequisites

  • Login credentials have been obtained.
  • The domain name to be protected has been created.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Choose Security > Web Application Firewall. In the navigation pane, choose Domains. The Domains page is displayed (see Figure 1).

    Figure 1 Domains page

  4. In the Operation column of the row containing the target domain name, click Configure Policy. The protection configuration page is displayed, as shown in Figure 2.

    Figure 2 Protection configuration page

  5. In the Blacklist and Whitelist configuration area, change Status as needed and then click Save in the upper right corner of the Protection Status list. In the dialog box displayed, click Yes to save the settings. Otherwise, click Cancel. See Figure 3.

    Figure 3 Blacklist and Whitelist configuration area

  6. Click Customize Rule. On the displayed page, click Add Rule in the upper left corner to add a blacklist or whitelist rule. See Figure 4.

    NOTE:

    If you do not click Save after changing Status in step 5, the Warning dialog box is displayed when you click Customize Rule.

    • Click Yes to cancel the previous settings.
    • Click No and then Save to save the settings.
    Figure 4 Clicking Add Rule

  7. In the displayed dialog box shown in Figure 5, specify the parameters by referring to Table 1.

    Figure 5 Adding a blacklist or whitelist rule
    Table 1 Rule parameters

    Parameter

    Description

    Example Value

    IP Address or Range

    • IP address: IP address to be added to the blacklist or whitelist
    • IP address range: IP address and subnet mask defining a network segment
    • 192.168.2.3
    • 10.1.1.0/24

    Protective Action

    If IP Address or Range is to be added to a whitelist, set this parameter to Whitelist.

    If IP Address or Range is to be added to a blacklist, set this parameter to Blacklist.

    Blacklist

  8. Click OK.

    • To modify the added rule, click Modify in the row containing the target rule.
    • To delete the added rule, click Delete in the row containing the target rule.