Configuring Geolocation Access Control Rules to Block or Allow Requests from Specific Locations
WAF can identify where a request originates. You can set geolocation access control rules in just a few clicks and let WAF block or allow requests from a certain region. A geolocation access control rule allows you to allow or block requests from IP addresses from specified countries or regions.
Prerequisites
You have added your website to a policy.
Constraints
- One region can be configured in only one geolocation access control rule.
- It takes several minutes for a new rule to take effect. After the rule takes effect, protection events triggered by the rule will be displayed on the Events page.
Procedure
- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- Click in the upper left corner and choose Web Application Firewall under Security & Compliance.
- In the navigation pane on the left, choose Policies.
- Click the name of the target policy to go to the protection configuration page.
- In the Geolocation Access Control configuration area, change Status if needed and click Customize Rule.
Figure 1 Geolocation Access Control configuration area
- In the upper left corner above the Geolocation Access Control list, click Add Rule.
- In the displayed dialog box, add a geolocation access control rule by referring to .
Table 1 Rule parameters Parameter
Description
Example Value
Rule Name
Rule name you configured
waf
Rule Description
A brief description of the rule. This parameter is optional.
waf
Geolocation
Geographical scope of the IP address.
-
Protective Action
Action WAF will take if the rule is hit. You can select Block, Allow, or Log only.
Block
- Click Confirm. You can then view the added rule in the list of the geolocation access control rules.
- To disable a rule, click Disable in the Operation column of the rule. The default Rule Status is Enabled.
- To modify a rule, click Modify in the row containing the rule.
- To delete a rule, click Delete in the row containing the rule.
Protection Effect
To verify WAF is protecting your website (www.example.com) against a rule:
- Clear the browser cache and enter the domain name in the address bar to check whether the website is accessible.
- If the website is inaccessible, connect the website domain name to WAF by referring to Website Settings.
- If the website is accessible, go to 2.
- Add a geolocation access control rule by referring to Procedure.
- Clear the browser cache and access http://www.example.com. Normally, WAF blocks such requests and returns the block page.
- Go to the WAF console. In the navigation pane on the left, choose Events. On the displayed page, view or download events data.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot