How Do I Allow Requests from Only IP Addresses in a Specified Geographical Region?

If you allow only IP addresses in a region to access the protected domain name, for example, only IP addresses from Shanghai can access the protected domain name, take the following steps:

Geolocation access control rules have higher priority than built-in WAF rules. If you configure a geolocation access control rule to allow IP addresses from a certain location, WAF then forwards traffic from those IP addresses without performing basic web protection checks.

1. Log in to the WAF console.
2. Click in the upper left corner and select a region or project.
3. (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
4. In the navigation pane on the left, click Policies.
5. Click the name of the target policy to go to the protection rule configuration page.

   Before configuring protection rules, ensure that the target protection policy has been applied to a domain name. A protection policy can be applied to multiple protected domain names, but a protected domain name can have only one protection policy.

6. In the upper left corner above the Geolocation Access Control list, click Add Rule.
7. Add a geolocation access control rule: Select Shanghai for Geolocation and select Allow for Protective Action.
8. In the upper left corner above the Precise Protection rule list, click Add Rule. Configure a precise protection rule to block all requests. Figure 1 shows an example.
   Figure 1 Blocking all access requests