Updated on 2024-11-19 GMT+08:00

Configuring Threat Intelligence Access Control Rules to Block or Allow IP Addresses in a Specified IP Address Library

Access is controlled based on the IP address library of an Internet Data Center (IDC). The available IP address library platforms include Dr. Peng, Google, Tencent, and Meituan. With this protection, when a source IP address in the target IP address library initiates an access request to any path under the protected domain name, the configured access control rule is triggered, and the request is blocked, allowed, or logged only.

Prerequisites

Constraints

  • In cloud mode, only the professional edition and platinum edition support threat intelligence access control rules.
  • In dedicated mode, only dedicated instances released in September 2022 and later support threat intelligence access control rules. For details about dedicated instance versions, see Dedicated Engine Version Iteration.
  • ELB-mode WAF does not support threat intelligence access control rules.

Configuring a Threat Intelligence Access Control Rule

  1. Log in to the management console.
  2. Click the icon in the upper left corner of the management console and select a region or project.
  3. Click the icon in the upper left corner and choose Web Application Firewall under Security & Compliance.
  4. In the navigation pane on the left, choose Policies.
  5. Click the name of the target policy to go to the protection configuration page.
  6. Click the Threat Intelligence Access Control configuration area and toggle it on or off if needed.


  7. In the upper left corner above the rule list, click Add Rule.
  8. In the dialog box displayed, add a threat intelligence access control rule. Table 1 describes the parameters.

    Figure 1 Add Threat Intelligence Access Rule

    Table 1 Parameter description

    | Parameter | Description | Example Value |
    |---|---|---|
    | Rule Name | Name of the rule | WAFtest |
    | Rule Description | A brief description of the rule. This parameter is optional. | -- |
    | IP Reputation Library Type | Select IDC from the drop-down list box and select the IP database platform. Available IP library platforms include Dr. Peng, Google, Tencent, Meituan, and more. | IDC, Huawei |
    | Protective Action | Action WAF will take if the rule is hit. You can select Block, Allow, or Log only. Block: Requests that hit the rule will be blocked and a block response page is returned to the client that initiates the requests. By default, WAF uses a unified block response page. You can also customize this page. Allow: Requests that hit the rule are forwarded to backend servers. Log only: Requests that hit the rule are not blocked, but will be logged. | Allow |

  9. Click OK. You can view the added threat intelligence access control rule in the rule list.

    • To disable a rule, click Disable in the Operation column of the rule. The default Rule Status is Enabled.
    • To modify the rule, click Modify in the row containing the rule.
    • To delete the rule, click Delete in the row containing the rule.
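
The matching behaviour described above, as an added example that is not Huawei Cloud code and does not call any WAF API: each enabled rule checks the request's source IP against the selected IDC library, regardless of path, and reports the configured action. The CIDR ranges, the rule records other than the name WAFtest, and the log entries are constructed; rules are evaluated independently because this page does not describe precedence between rules.

```python
import ipaddress
from collections import Counter

# Constructed sample data: the real IDC libraries are maintained by WAF and are
# not published on this page. These CIDRs are RFC 5737 documentation ranges.
IDC_LIBRARY = {
    "Google": ["192.0.2.0/24"],
    "Tencent": ["198.51.100.0/25"],
    "Meituan": ["203.0.113.64/26"],
}

# Hypothetical rule records mirroring Table 1 plus the Rule Status column.
RULES = [
    {"name": "WAFtest", "platform": "Google", "action": "Allow", "enabled": True},
    {"name": "idc-tencent", "platform": "Tencent", "action": "Log only", "enabled": True},
    {"name": "idc-meituan", "platform": "Meituan", "action": "Block", "enabled": False},
]

# Constructed access-log entries: (source IP, request path).
REQUESTS = [
    ("192.0.2.15", "/login"),
    ("198.51.100.7", "/api/v1/items"),
    ("198.51.100.200", "/api/v1/items"),  # outside the /25, no hit
    ("203.0.113.70", "/admin"),           # in the library, but the rule is disabled
    ("2001:db8::1", "/"),                 # IPv6, not in any sample range
]

def rule_hits(rule, source_ip):
    """True if the rule is enabled and its library contains the source IP (any path)."""
    if not rule["enabled"]:
        return False
    addr = ipaddress.ip_address(source_ip)
    nets = (ipaddress.ip_network(c) for c in IDC_LIBRARY[rule["platform"]])
    return any(addr.version == n.version and addr in n for n in nets)

def dry_run(rules, requests):
    """Evaluate each rule independently; returns (hits, per-rule hit counts)."""
    hits, counts = [], Counter()
    for ip, path in requests:
        for rule in rules:
            if rule_hits(rule, ip):
                hits.append((ip, path, rule["name"], rule["action"]))
                counts[rule["name"]] += 1
    return hits, counts

if __name__ == "__main__":
    for hit in dry_run(RULES, REQUESTS)[0]:
        print("%-15s %-14s rule=%s action=%s" % hit)
```

Running the same report with a rule set to Log only shows which requests a Block action would affect before the action is changed.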