How Do I Allow Only Specified IP Addresses to Access Protected Websites?
After you add the website to WAF, configure blacklist and whitelist rules or precise protection rules to allow only specified IP addresses to access the website. WAF then blocks all source IP addresses except the specified ones.
Configuring IP Address Blacklist and Whitelist Rules to Block All Source IP Addresses Except the Specified Ones
- Log in to the WAF console.
- Click
in the upper left corner and select a region or project. - (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
- In the navigation pane on the left, click Policies.
- Click the name of the target policy to go to the protection rule configuration page.
Before configuring protection rules, ensure that the target protection policy has been applied to a domain name. A protection policy can be applied to multiple protected domain names, but a protected domain name can have only one protection policy.
- In the Blacklist and Whitelist configuration area, enable the protection.
- In the upper left corner of the Blacklist and Whitelist page, click Add Rule.
- In the Add Blacklist or Whitelist Rule dialog box, add two blacklist rules to block all source IP addresses. Figure 1 and Figure 2 show two examples.
- Click Add Rule. In the displayed Add Blacklist or Whitelist Rule dialog box, add a rule for the specified IP address or IP address range.
For example, if you want to allow XXX.XX.2.3 to access your website, add a protection rule as shown in Figure 3.
Configuring a Precise Protection Rule to Block All Source IP Addresses Except the Specified Ones
- Log in to the WAF console.
- Click in the upper left corner and select a region or project.
- (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
- In the navigation pane on the left, click Policies.
- Click the name of the target policy to go to the protection rule configuration page.
Before configuring protection rules, ensure that the target protection policy has been applied to a domain name. A protection policy can be applied to multiple protected domain names, but a protected domain name can have only one protection policy.
- In the Precise Protection configuration area, enable the protection.
Figure 4 Precise Protection configuration area
- In the upper left corner of the displayed page, click Add Rule.
- In the displayed Add Precise Protection Rule dialog box, add a protection rule as shown in Figure 5 to block all requests.
The priority value here must be greater than that configured in Step 9 because allowing access has a higher priority than blocking access and a smaller priority value indicates a higher priority.
- Click Add Rule. In the displayed Add Precise Protection Rule dialog box, add a rule for the specified IP address.
For example, if you want to allow 192.168.2.3 to access the website, add a protection rule as shown in Figure 6.
The priority value here must be smaller than that configured in Step 8 because allowing access has a higher priority than blocking access and a smaller priority value indicates a higher priority.
You can also add a whitelist rule for specified IP addresses or IP address range by referring to Step 9.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
