Help Center>
Cloud Firewall>
User Guide>
Managing ACL Rules>
Managing Domain Name Groups>
Adding a Domain Name Group
Updated on 2024-01-12 GMT+08:00
Adding a Domain Name Group
A domain name group is a collection of multiple domain names or wildcard domain names. You can configure domain name groups to protect domains in batches.
The options are as follows:
- Website filtering: Layer 7 protocol parsing. Websites are matched based on domain names. HTTP/HTTPS is supported.
- DNS resolution: Layer 4 protocol parsing. Domain names are filtered based on resolved IP addresses. TCP, UDP, and ICMP are supported. For details about IP address resolution, see Configuring DNS Resolution.
Constraints
- Domain names in Chinese cannot be added to domain name groups.
- The domain names in a domain name group can be referenced by protection rules for up to 40,000 times, and wildcard domain names can be referenced for up to 2,000 times.
URL Filtering (Layer 7 Protocol Parsing)
- A domain name group can have up to 1,500 domain names.
- A firewall instance can have up to 500 domain name groups.
- A firewall instance can have up to 2,500 domain names.
Address Resolution (Layer 4 Protocol Parsing)
- A domain name group can have up to 15 domain names.
- Each domain name can resolve up to 1000 IP addresses.
- Each domain name group can resolve up to 1,500 IP addresses.
- A firewall instance can have up to 1000 domain names.
Procedure
- Log in to the management console.
- Click
in the upper left corner of the management console and select a region or project. - In the navigation pane, click
and choose . The Dashboard page will be displayed, as shown in Figure 1.
- (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click View in the Operation column to go to the details page.
- In the navigation pane, choose Access Control > Domain Name Groups.
- Click Add Domain Name Group and configure parameters.
Table 1 Domain name group parameters Parameter
Description
Group Name
Name of a user-defined domain name group.
Domain Name Group Type
The options are as follows:- Website filtering: Layer 7 protocol parsing. Websites are matched based on domain names. HTTP/HTTPS is supported.
- DNS resolution: Layer 4 protocol parsing. Domain names are filtered based on resolved IP addresses. TCP, UDP, and ICMP are supported. For details about IP address resolution, see Configuring DNS Resolution.
Description
(Optional) Enter remarks for the domain name group.
Domain Name
Enter one or multiple domain names.
- You can enter a multi-level single domain name (for example, top-level domain name example.com and level-2 domain name www.example.com) or a wildcard domain name (*.example.com).
- Multiple domain names are separated by commas (,), semicolons (;), line breaks, or spaces.
NOTE:Domain names must be unique.
Related Operation
- To edit a domain name group, click Edit in the Operation column.
- A domain name group takes effect only after it is set in a protection rule. For more information, see Adding a Protection Rule.
- To view the IP addresses resolved by a domain name group of the DNS resolution type, click the domain name group name to go to the Basic Information page, and click IP address in the Operation column of the domain name list.
Parent topic: Managing Domain Name Groups
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
The system is busy. Please try again later.
