Help Center/ Cloud Firewall/ User Guide/ Access Control/ Configuring an Access Control Policy/ Quickly Block Malicious Traffic Through Traffic Blocking
Updated on 2025-06-27 GMT+08:00

Quickly Block Malicious Traffic Through Traffic Blocking

During routine O&M, you may encounter attacks from a large number of malicious IP addresses. You need to quickly block the traffic. However, manually configuring the blacklist is inefficient. CFW provides the one-click traffic blocking function, which allows you to block all malicious access by simply adding the malicious IP addresses to the firewall.

Traffic Blocking Policy Description

The protected objects, actions, and application scenarios of traffic blocking policies are as follows.

Name

Description

Protected object

IP addresses

Network type

  • EIP
  • Private IP address

Action

Traffic is blocked directly.

Scenario

  • Defense against malicious traffic attacks: In the case of a DoS attack, malicious traffic can be quickly blocked to ensure network security.
  • Preventing incorrect internal connections: If an internal device connects to a malicious server by mistake, sensitive information may be leaked. Quickly blocking connections can effectively prevent system damage.
  • Service risk control and management: Service operation needs to restrict the access to non-service-related resources to ensure the smooth running of core services.

Constraints

  • Only the following formats are supported:
    • IP address, for example, 10.0.0.0.
    • Multiple consecutive IP addresses, for example, 10.0.0.0-10.0.1.0.
    • Address segment, for example, 10.0.0.0/16.
  • Only files in .txt or .csv format or text input is supported.
  • Number of IP addresses that can be added to a single firewall instance:
    • Standard edition: 100,000
    • Professional edition: 500,000
  • Only the professional edition supports NAT traffic protection. All editions support EIP traffic protection.

Impact on the System

  • After an IP address is added to the traffic blocking list, traffic destined for and from this IP address will be blocked.
  • When configuring an IP address to be blocked, if address translation or proxy is involved, evaluate the impact of blocking IP addresses with caution.

Quickly Block Malicious Traffic Through Traffic Blocking

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
  4. (Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
  5. In the navigation pane, choose Access Control > Traffic Filtering. The Traffic Blocking page is displayed.
  6. Click to enable the traffic blocking function.

    If a blocked file exists in the list, check the IP address and then enable this button.

  7. To add the IP addresses to be blocked, click Add Object and set parameters.

    Table 1 Add object

    Parameter

    Description

    Mode

    Select the method of adding the blocked IP address.
    • Append: The existing IP addresses remain unchanged, and the newly imported IP addresses are added.
    • Overwrite: The newly imported IP addresses will replace the existing IP addresses.

    Effective Scope

    Select the object to be blocked.
    • EIP
    • NAT (Only the professional edition can protect NAT traffic.)

    Content Type

    Selects a type.
    • File upload: Click Add. Only files in .txt or .csv format can be uploaded or text input is supported.
    • Text input: Enter an IP address in the IP Address text box. The total text length cannot exceed 4,000 characters.
    The following formats are supported:
    • IP address, for example, 10.0.0.0.
    • Multiple consecutive IP addresses, for example, 10.0.0.0-10.0.1.0.
    • Address segment, for example, 10.0.0.0/16.

  8. Click OK. Added is displayed in the Status column.

    If the file fails to be added, modify the file or text as prompted and add the file again.

Follow-up Operations

For details about how to view logs, see Attack Event Logs.

A log record is generated every minute. Each record summarizes the data in the minute.

References

  • Viewing or exporting IP address information: Click Download in the Operation column of the row that contains the target IP address. The downloaded file contains all added IP address information.
  • Deleting IP address information: Click Delete in the Operation column of the row that contains the IP address, enter DELETE, and click OK.

    The deletion operation cannot be performed on the content added at a time. When the deletion operation is performed, all IP addresses within the EIP or NAT will be cleared.