Quickly Blocking Malicious Traffic Through Traffic Blocking

Traffic Blocking Policy Description

The protected objects, actions, and application scenarios of traffic blocking policies are as follows.

Constraints

• Only the following formats are supported:
  • IP address, for example, 10.0.0.0.
  • Multiple consecutive IP addresses, for example, 10.0.0.0-10.0.1.0.
  • Address segment, for example, 10.0.0.0/16.
• Only files in .txt or .csv format or text input is supported.
• Number of IP addresses that can be added to a single firewall instance:
  • Standard edition: 100,000
  • Professional edition: 500,000
• Only the professional edition supports NAT traffic protection. All editions support EIP traffic protection.

Impact on the System

• After an IP address is added to the traffic blocking list, traffic destined for and from this IP address will be blocked.
• When configuring an IP address to be blocked, if address translation or proxy is involved, evaluate the impact of blocking IP addresses with caution.

Quickly Blocking Malicious Traffic Through Traffic Blocking

1. Log in to the CFW console.
2. Click in the upper left corner of the management console and select a region or project.
3. (Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
4. In the navigation pane, choose Access Control > Traffic Filtering. The Traffic Blocking tab page is displayed.
5. Click . In the displayed dialog box, click OK to enable traffic blocking.
   

   If a blocked IP address exists in the list, check the IP address and then enable this button.

6. To add the IP addresses to be blocked, click Add Object and set parameters.

   Table 1 Add object

   Parameter	Description
   Mode	Select the method of adding the blocked IP address. Append: The existing IP addresses remain unchanged, and the newly imported IP addresses are added. Overwrite: The newly imported IP addresses will replace the existing IP addresses.
   Effective Scope	Select the object to be blocked. EIP NAT (Only the professional edition can protect NAT traffic.)
   Content Type	Select a type. File: Click File and select the file to be uploaded. The requirements for the uploaded file are as follows: Only one .txt or .csv file can be uploaded. To specify multiple IP addresses, in a .txt file, separate IP addresses using commas (,), semicolons (;), tab characters, or spaces, or put each IP address on a separate line. In a .csv file, put all IP addresses in the first column, each occupying a line. Text: Select Text and enter an IP address in the IP Address text box. The total text length of IP addresses cannot exceed 4,000 characters. To specify multiple IP addresses, separate them with commas (,), semicolons (;), tab characters, or spaces, or put each URL on a separate line. The following formats are supported: IP address, for example, 10.0.0.0. Multiple consecutive IP addresses, for example, 10.0.0.0-10.0.1.0. Address segment, for example, 10.0.0.0/16.

7. Click OK.

   If Status of a file changes to Added, the file has been added.

   If the file fails to be added, modify the file or text as prompted and add the file again.

Follow-up Operations

For details about how to view logs, see Attack Event Logs.

A log record is generated every minute. Each record summarizes the data in the last minute.

References

• Viewing or exporting IP address information: Click Download in the Operation column of the row that contains the target IP address. The downloaded file contains all added IP address information.
• Deleting IP address information: Click Delete in the Operation column of the row that contains the IP address, enter DELETE, and click OK.
  

  Partial deletion is not supported. All the IP addresses configured for EIP or NAT will be cleared.