Help Center/ Web Application Firewall/ User Guide/ Configuring Protection Policies/ Configuring Protection Rules/ Configuring Threat Intelligence Access Control Rules to Block or Allow IP Addresses in a Specified IP Address Library
Updated on 2025-12-12 GMT+08:00
View PDF
Share

Configuring Threat Intelligence Access Control Rules to Block or Allow IP Addresses in a Specified IP Address Library

Access is controlled based on the IP address library of an Internet Data Center (IDC). The available IP address library platforms include Dr. Peng, Google, Tencent, and Meituan. With this protection, when a source IP address in the target IP address library initiates an access request to any path under the protected domain name, the configured access control rule is triggered, and the request is blocked, allowed, or logged only.

Constraints

Function

Constraint

Edition restriction
  • Cloud mode: This function is supported in the professional and enterprise editions.
  • Dedicated mode: This function is supported in dedicated engine version 202209 or later. For details, see Dedicated Engine Version Iteration.

Access mode restrictions

Cloud mode - load balancer access: This function is not supported.

Rule effective time

It takes several minutes for a new rule to take effect. After a rule takes effect, protection events triggered by the rule will be displayed on the Events page. For details, see Querying a Protection Event.

Prerequisites

Configuring a Threat Intelligence Access Control Rule

  1. Log in to the WAF console.
  2. Click in the upper left corner and select a region or project.
  3. (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
  4. In the navigation pane on the left, click Policies.
  5. In the policy list, click the name of the target policy to go to the protection rule configuration page.

    You can also go to the Website Settings page, locate the target domain name, and click the number next to the protection policy in the Policy column to go to the protection rule configuration page.

  6. Click the Threat Intelligence Access Control configuration box and ensure that the threat intelligence access control protection is enabled.

    : enabled.

  7. In the upper left corner above the rule list, click Add Rule.
  8. In the dialog box displayed, add a threat intelligence access control rule. Table 1 describes the parameters.

    Figure 1 Add Threat Intelligence Access Rule
    Table 1 Parameter description

    Parameter

    Description

    Example Value

    Rule Name

    Name of the rule.

    WAFtest

    Rule Description (Optional)

    A brief description of the rule.

    --

    IP Reputation Library Type

    Select the IP reputation library type. Currently, only IDC is supported.

    Select IDC from the drop-down list box and select the IP database platform.

    Dr. Peng, Google, Tencent, Meituan, and other platforms.

    IDC

    Huawei

    Protective Action

    Protective action for the rule when a request matches the rule.

    • Block: Requests that hit the rule will be blocked, and a block response page will be returned to the client that initiates the requests.

      By default, WAF uses a unified block response page. You can also customize this page.

    • Allow: Requests that hit the rule are forwarded to backend servers.
    • Log only: Requests that hit the rule will be logged but not be blocked.

    Allow

  9. Click OK. You can view the added threat intelligence access control rule in the rule list.

    To make the protection rule take effect, ensure that the protection policy the protection rule belongs to has been applied to a domain name. For details, see Adding a Domain Name to a Policy. A protection policy can be applied to multiple protected domain names, but a protected domain name can have only one protection policy.

    After completing the preceding configurations, you can:

    • Check the rule status: In the protection rule list, check the rule you added. Rule Status is Enabled by default.
    • Disable the rule: If you do not want the rule to take effect, click Disable in the Operation column of the rule.
    • Delete or modify the rule: Click Delete or Modify in the Operation column of the rule.
    • Verify the protection effect:
      1. Clear the browser cache and access http://www.example.com using IP addresses in Huawei Cloud IP address library. If WAF blocks the request and returns the block page, the rule works.
      2. On the Events page, check the protection logs.

Parent Topic: Configuring Protection Rules