How Do I Allow Only Specified IP Addresses to Access Protected Websites?
After you add the website to WAF, configure blacklist and whitelist rules or precise protection rules to allow only specified IP addresses to access the website. WAF then blocks all source IP addresses except the specified ones.
Configuring IP Address Blacklist and Whitelist Rules to Block All Source IP Addresses Except the Specified Ones
- Log in to the management console.
- Click
in the upper left corner of the management console and select a region or project.
- Click
in the upper left corner and choose Web Application Firewall under Security & Compliance.
- In the navigation pane on the left, choose Policies.
- Click the name of the target policy to go to the protection configuration page.
- In the Blacklist and Whitelist configuration area, enable the protection.
Figure 1 Blacklist and Whitelist configuration area
- Click Customize Rule. On the displayed page, click Add Rule in the upper left corner.
- In the Add Blacklist or Whitelist Rule dialog box, add two blacklist rules to block all source IP addresses.
Figure 2 Blocking IP address range 1.0.0.0/1Figure 3 Blocking IP address range 128.0.0.0/1
- Click Add Rule. In the displayed Add Blacklist or Whitelist Rule dialog box, add a rule for the specified IP address or IP address range.
For example, if you want to allow XXX.XX.2.3 to access your website, add a protection rule as shown in Figure 4.
Configuring a Precise Protection Rule to Block All Source IP Addresses Except the Specified Ones
- Log in to the management console.
- Click
in the upper left corner of the management console and select a region or project.
- Click
in the upper left corner and choose Web Application Firewall under Security & Compliance.
- In the navigation pane on the left, choose Policies.
- Click the name of the target policy to go to the protection configuration page.
- In the Precise Protection configuration area, enable the protection.
Figure 5 Precise Protection configuration area
- Click Customize Rule. In the upper left corner of the displayed page, click Add Rule.
- In the displayed Add Precise Protection Rule dialog box, add a protection rule as shown in Figure 6 to block all requests.
The priority value here must be greater than that configured in Step 9 because allowing access has a higher priority than blocking access and a smaller priority value indicates a higher priority.
- Click Add Rule. In the displayed Add Precise Protection Rule dialog box, add a rule for the specified IP address.
For example, if you want to allow 192.168.2.3 to access the website, add a protection rule as shown in Figure 7.
The priority value here must be smaller than that configured in Step 8 because allowing access has a higher priority than blocking access and a smaller priority value indicates a higher priority.
You can also add a whitelist rule for specified IP addresses or IP address range by referring to Step 9.
Protection Rules FAQs
- How Do I Switch the Mode of Basic Web Protection from Log Only to Block?
- Which Protection Levels Can Be Set for Basic Web Protection?
- What Is the Peak Rate of CC Attack Protection?
- When Is Cookie Used to Identify Users?
- What Are the Differences Between Rate Limit and Allowable Frequency in a CC Rule?
- Why Cannot the Verification Code Be Refreshed When Verification Code Is Configured in a CC Attack Protection Rule?
- Can a Precise Protection Rule Take Effect in a Specified Period?
- Can a Path Containing # Be Matched in a Precise Protection Rule?
- How Can I Allow Access from .js Files?
- Can I Batch Add IP Addresses to a Blacklist or Whitelist Rule?
- Can I Import or Export a Blacklist or Whitelist into or from WAF?
- How Do I Block Abnormal IP Addresses?
- Why Does a Requested Page Fail to Respond to the Client After the JavaScript-based Anti-Crawler Is Enabled?
- Is There Any Impact on Website Loading Speed If Other Crawler Check in Anti-Crawler Is Enabled?
- How Does JavaScript Anti-Crawler Detection Work?
- In Which Situations Will the WAF Policies Fail?
- How Do I Allow Requests from Only IP Addresses in a Specified Geographical Region?
- Which of the WAF Protection Rules Support the Log-Only Protective Action?
- How Do I Allow Only Specified IP Addresses to Access Protected Websites?
- Which Protection Rules Are Included in the System-Generated Policy?
- Why Does the Page Fail to Be Refreshed After WTP Is Enabled?
- What Are the Differences Between Blacklist/Whitelist Rules and Precise Protection Rules on Blocking Access Requests from Specified IP Addresses?
- What Do I Do If a Scanner, such as AppScan, Detects that the Cookie Is Missing Secure or HttpOnly?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbotmore